Tuesday, December 1, 2009

Health Net breach failure of security policy, technology

I'm back from vacation and Thanksgiving - hope you all had a nice break!

Here is the latest SearchSecurity posting:

"The recent Health Net data breach—affecting some 1.5 million users—is a failure of all aspects of IT security, including the ability to set appropriate policy, communicate that policy to employees and deploy the relevant security technology.

Health Net announced last week that unencrypted records, and the portable external hard drive containing those records, were lost. A loss of this magnitude from normal business practice suggests that either sensitive data accumulated over a long period of time and was not systematically erased when no longer needed, or the user worked on extremely large chunks of data without proper security controls. IT should have been aware of both possibilities and acted to protect the business." ...

No comments:

Post a Comment