in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Insufficient Postage Results In Data Breach, No Word On Disk Encryption Use

Medical Mutual of Ohio, a health insurer, has announced the loss of eleven computer disks that may affect 36,000 retired Ohio employees.  A preliminary investigation has laid the blame on insufficient postage.  Medical Mutual hasn’t revealed whether the contents on those disks were encrypted, although one hopes something like hard drive encryption or file encryption was used to protect the information of those retirees.

Insufficient postage.  Man, this is a new low.  I’m pretty familiar with instances where CDs and other digital storage media went missing en route via mail or courier services.  And, honestly, such losses are expected.  Packages and mail go missing all the time; the fact that you sent sensitive data does not preclude it from disappearing during delivery.  However, sensitive data being circulated in the US Postal System because of insufficient postage?  Sheesh.  It’s like something out of Seinfeld.

Five retiree groups are affected by this latest data breach, including the School Employee Retirement System (SERS), the State Teachers Retirements System (STRS), the Ohio Police and Fire Fund, and the Ohio Highway Patrol Retirement System

According to spokesman Ed Byers at Medical Mutual, they now see that the disks should have been hand-delivered, ideally.  And, according to some accounts, the disks were hand-delivered in the past.  There is no information on why the disks were mailed in this particular instance, although it explains the odd cause of this data breach: There was insufficient postage because these disks were never mailed out before.  One’s bound to have problems the first time something is attempted, although this particular one is laughably egregious.

Efforts to recover the disks are underway.  The mail recovery center in Atlanta (which, is a long ways away from Ohio) has been searched for the missing disks but failed to turn them up.  If the disks ultimately don’t show up, the health insurer has plans to provide credit protection to all who are affected.

Medical Mutual had the right idea regarding data security when they decided to hand-deliver those disks in the past.  I have no doubt their investigations will show that someone wasn’t following company policies when these disks were mailed out.  However, I’d say they’re a little short when it comes to data security practices.  Where is the guarantee that the people delivering the disks won’t be robbed?  Or that they won't inadvertently lose the disks?

Or that someone will mail that stuff out by accident?  That’s right, there are no guarantees.  The chances of such a breach happening may seem miniscule, but history has shown that it happens, and that it happens often.  Unfortunately, there is no way to eliminate the chances all the way down to zero -- it’s a mathematical impossibility.  What one can do, though, is lower the chances of a data leak all the way down to a a number that's relatively close to zero.  We're talking about a number that is so small you'd say a trail of snail slime is the Yangtze River in comparison.  There are plenty of products out in the market that will allow one to do this, including AlertBoot data security solutions.  It’s called encryption, and i allows you to stack the odds on your side in the event something goes *poof*.

Related Articles:
http://www.bizjournals.com/columbus/stories/2008/10/20/daily37.html
http://www.dispatchpolitics.com/live/content/local_news/stories/2008/10/24/copy/Lost.ART_ART_10-24-08_B1_VJBMI5R.html?adsec=politics&sid=101
http://www.nbc4i.com/midwest/cmh/news.apx.-content-articles-CMH-2008-10-24-0012.html
http://www.marketwatch.com/news/story/Ohio-Health-Insurer-Investigates-Missing/story.aspx?guid={1986D81E-510B-45F6-BAC0-1B1299A3C4E2}
http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/122483722188720.xml&coll=2

 
<Previous Next>

Backup Tape Encryption Not As Prevalent At Companies, Leaves Large Data Security Hole

US-Style Data Breach Notifications Not The Model For UK: Data Breach, Data At Risk, And Overall Confusion

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.