Data Breaches and Duck Hunts
added: 10.17.2013, by Mike Spinney
Ever have an uh oh moment after hitting send? You know – the kind of feeling that puts a little extra pucker in your backside? Maybe you hit “reply all” and didn’t check to see who all the recipients were, or you weren’t sure the attachment was the right one.
Sure you have. We all have. I had one this past weekend.
Luckily it was more of an amusing event since the attachment I sent was a picture from the old video game Duck Hunt. I intended to text it to a friend of mine who was, at that moment, sitting in a duck blind in Maine. Instead, I sent it to a buddy who was a bit confused when he got it.
Unfortunately, too many uh oh moments have consequences that are more serious. Perhaps they are personally embarrassing for the sender or one or more recipients. Or maybe they are the kind of slip-ups that result in a data breach.
CaroMont Health in Gastonia, North Carolina, recently disclosed an uh oh moment that occurred when an employee sent an unsecured email containing sensitive personal health information of more than 1300 people to an unauthorized individual.
Columbia University Medical Center in New York recently disclosed an uh oh moment that occurred when an employee accidentally sent a database containing the personally identifiable information, including Social Security numbers, of more than 400 medical students to unauthorized individuals.
MNsure, Minnesota’s health insurance exchange, recently disclosed an uh oh moment that occurred when an employee accidentally emailed an unsecure database containing the personally identifiable information, including Social Security numbers, of more than 2400 insurance agents to an unauthorized individual.
University of Mississippi Medical Center, similar story.
Thanks to the Privacy Rights Clearinghouse’s data breach database, I could go on.
These are all healthcare organizations. They are highly regulated when it comes to the management and security of patient data. They must comply with state data security regulations, federal health data security regulations, payment card industry standards and more. They’ve all likely invested a lot of time and money in the tools, processes, training, and personnel needed to maintain a high level of security, and yet mistakes happened. And mistakes will keep happening at these and similar organizations.
So what makes you think you’re any different? Awareness and vigilance are two of the most important aspects of any effective information security strategy. If you are aware of the risks, you’ll be more likely to do the things that mitigate those risks. You’ll double-check your intended recipients; you’ll double-check your attached files; you’ll use available security tools; you’ll follow proper protocol.
That doesn’t mean that mistakes won’t be made, but it may be the difference between a database filled with personal data and an 8-bit video game screen grab.