in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Security Update: Lost CalOptima CDs Found

We got the following notice in our e-mail from Laer Pearce & Associates:

Regarding the item you ran recently regarding a data breach at CalOptima, this matter has been resolved successfully.

From the healthcare blog at today's Orange County Register: Lost personal information of Medical members is found

October 29th, 2009, 6:00 am by Courtney Perkes

CalOptima, the county's Medi-Cal provider, has found lost electronic claims records that contain identifying information belonging to as many as 68,000 members.

Discs of data were lost two weeks ago after being sent certified mail by CalOptima's scanning vendor.

When only the packaging arrived, but not the box with the discs, CalOptima notified the state.

On Wednesday, the U.S. Postal Service located the discs in Atlanta, said Margaret Tatar, director of public affairs.

The discs were not password protected, but it appears no one accessed the confidential information, Tatar said.

CalOptima had planned to send letters notifying members of the lost information and offering them credit monitoring services.

Anyone with questions should call 800-509-4225 or visit http://www.caloptima.org/

The medical record data for adults and children included names, addresses, birthdays and some Social Security numbers.

Emphases are mine.

Well, that's surprising. My understanding is that one usually doesn't recover contents lost in the mail.  On the other hand, I've never seen actual numbers backing up such claims, which is probably apocryphal anyway.  Regardless, kudos to the US Postal Service.

I'm not too crazy about one aspect, though:  The disks were not password-protected.  I dislike that word, password-protection.  It's better than nothing, but as countless data security guys will tell you, password-protection is worth next to nothing.  Mentioning password-protection in notices such as this one spreads around the opposite notion: "Ah! If only the CDs had password-protection!  The data would have been safe!"

What they really should be mentioning is the lack of use of encryption.  I'm surprised; CalOptima's spokesperson had already said that they plan to "find out why the third-party claims-scanning vendor did not encrypt the data," meaning they already knew what the correct data protection tool was.

Overall, though, all's well that ends well.  CalOptima lucked out big time, though.  They really ought to follow up with their vendor, and make sure it doesn't happen again.

 
<Previous Next>

Disk Encryption Software: Ashford and St Peter's Loses USB Drives, Pledges Better Handling

Drive Encryption: Missing Tape Affects UK Farmers Tied To RPA

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.