in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software Not Used? How Does 5 Years Of Credit Protection Suit You?

If you'll recall, BlueCross BlueShield announced a data breach last month, when an employee lost a laptop with the information of all doctors in their network (apparently, something like 90% of all doctors nationwide).  While BCBS uses drive encryption software to secure data, it was in vain: the employee had downloaded the data to his personal laptop.

Not only is an Attorney General (Connecticut) looking into whether BCBS broke any laws, now they've got the AMA opining as well--and, in their opinion, BCBS should offer 5 years' worth of credit protection.

A policy adopted by American Medical Association House of Delegates,

...calls for the Blues association to offer at least five years of credit protection for all affected physicians, offer more than one company for protection, raise the amount of ID theft insurance and publicly report confirmed cases of identity theft.

The national Blues plan also should provide affected physicians easy access to credit-monitoring reports without cost, and give legal protection and indemnification to doctors for any losses resulting from the breach.

I can tell you right now that that last part is not happening.  I may not be a lawyer, but I've learned enough to know that no company in the US goes about indemnifying stuff if they can help it.  My guess is BCBS is going to, at least, fight that last provision tooth-and-nail.

What Would It Cost To Offer Credit Monitoring?

To date, we know that 850,000 doctors were affected.  Of those, 136,000 to 187,000 physicians used their SSNs as their tax IDs or NPI numbers.  BCBS is offering to pay for two years of credit protection for physicians at risk (the AMA seems to be implying that the offer should be five years for all 850,000 doctors, though).

Assuming that BCBS can get rock-bottom prices of $5 per doctor,

  • 2 years and 850,000 doctors: $8.5 million
  • 5 years and 850,000 doctors: $21.25 million
  • 2 years and 136,000 doctors: $1.36 million
  • 5 years and 136,000 doctors: $3.4 million

Of course, this is assuming that 100% of the physicians decide to sign up for credit monitoring.  (And why wouldn't they?  After all, it's not just the BCBS that goes around losing data.  Credit monitoring means monitoring for all instances of weird financial shenanigans, right?)

Remember, folks: data security is not just about using encryption software and calling it a day.  There's  more to it, like data monitoring, that requires constant vigilance.


Related Articles and Sites:
http://www.ama-assn.org/amednews/2009/11/23/prsg1123.htm

 
<Previous Next>

Data Security: 41% Of Employees Steal Corporate Data

iPhone Worm Password Cracked By Data Security Company

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.