in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Full Disk Encryption: AZ Attorney General Also Investigating Health Net

Health Net's loss of a hard drive that was not protected with drive encryption is really beginning to pay dividends.  The wrong kind of dividends.  Arizona's Attorney General has now announced that he will investigate whether Health Net has broken any state laws due to the breach.

Second Attorney General Investigating Company

Attorney General Goddard of Arizona is the second state AG to announce an investigation on Health Net.  The first one is Richard Blumenthal, Attorney General of Connecticut.  Both AGs have expressed dismay and displeasure at the fact that Health Net took six months to contact the affected.

If you'll recall, Health Net lost an unencrypted hard disk with information on over 1.5 million patients across four states.  The hard disk contained Social Security numbers and bank account numbers, meaning this is not a run-of-the-mill medical breach.  Indeed, I don't see--in terms of the breached data--how much different it would be from a breach involving a financial institution.  The ramifications of this breach are probably direr than, say, losing a bunch of x-rays.

Approximately 316,000 Arizona residents were affected by this breach, including past policy holders.

In the Most Expedient Manner Possible

I've read quite a number of law passages relating to data breaches and their notifications, and as I recall, in all cases there has been a provision to the effect of alerting affected state residents "in the most expedient manner and without unreasonable delay."  Unreasonable delays are generally introduced when law enforcement requests that the breach not be made public while an investigation takes place (which makes them reasonable, I guess).

In the case of Health Net, however, there is no mention of such a request.  Based on what I've read so far, it looks like Health Net actually needed the six months to figure out what was on the stolen hard disk and who to notify.

If so, couldn't one argue that it was a reasonable delay?  They couldn't notify anyone any earlier because they didn't have the list.  On the other hand, I did note before that six months seems like an inordinately long period to reconstitute the hard disk's contents.

All of this would have been moot, though, if encryption software like AlertBoot had been used on the missing drive.  Question: Are New York's and New Jersey's AGs also going to announce an investigation?

Related Articles and Sites:
http://www.databreaches.net/?p=8369
http://www.azag.gov/press_releases/nov/2009/Health%20Net%20Letter.pdf

 
<Previous Next>

iPhone Worm Password Cracked By Data Security Company

Laptop Encryption Software Not Installed On Stolen Eisai Laptop

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.