Data breaches probed at New Jersey Blue Cross, Georgetown
Stolen laptop had personal data on 300,000 health plan members; swiped disk had data on 38,000
Computerworld - Companies are paying a lot of attention to securing their networks against malicious attackers and other threats, but some still lag in implementing similar measures for protecting data on desktops, laptops and portable storage devices.
The most recent examples are Horizon Blue Cross Blue Shield of New Jersey and Georgetown University, both of which faced data compromises this month.
Horizon today said it has notified about 300,000 of its members of the potential compromise of their personal information following the theft of a laptop containing the data on Jan. 5.
A security feature on the stolen laptop automatically deleted all of the confidential information on Jan. 23, a company spokesman said. But it is not clear whether the thief who stole the computer accessed the data on the system before then, he said. The data on the laptop was unencrypted but password-protected.
"We think it is highly unlikely because the files were not readily identifiable as containing personal data," said Thomas Rubino, director of public affairs at Horizon Blue Cross Blue Shield, which services about 3.3 million people.
Rubino offered no explanation as to why the data deletion took place nearly three weeks after the computer was first reported stolen. "Obviously, if we had been able to do it before, we would have done it," he said. Blue Cross Blue Shield was in the midst of a data encryption project at the time of the theft. "Unfortunately, this computer did not have encryption on it," Rubino said.
An alert posted on the company's Web site noted that the confidential information on the stolen laptop included names, addresses and Social Security numbers of its members. The laptop did not contain medical data on any members, the company noted.
The laptop was stolen from a health plan employee in Newark. The employee was authorized to have the information on his computer, Rubino said. But the individual appears not to have followed company policies for securing systems that are taken out of company facilities, Rubino said, without offering any specifics.
Blue Cross Blue Shield is offering one year's worth of free credit-monitoring services to those affected by the breach.
Meanwhile, the theft of a computer disk from a locked room at Georgetown University in Washington has potentially exposed the Social Security numbers and other personally identifiable data of about 38,000 current and former students, faculty members and staffers between 1998 and 2006.
A university statement said the drive was stolen from an office within the university's Office of Student Affairs on Jan. 3. The unencrypted disk apparently was used to back up a computer that contained billing information for various student services, according to a story in the campus newspaper The Hoya.