funsec mailing list archives
Re: [privacy] Fwd: [Dataloss] (SAIC update) 900,000 health records possibly compromised
From: Dave Paris <dparis () w3works com>
Date: Sat, 21 Jul 2007 03:08:00 +0000
I've worked for one of Tricare's competitors. Nothing new under the sun. These people wouldn't know security if it dropped on their heads like an anvil. Hell, I had to bring my own taps and hardware in because I couldn't get a budget for *any* security. When I walked out, so did any sense of monitoring and the hardware to do it. As far as the LAN went, even between sites, the only RBAC ACL that existed was controlled by AD. HQ wouldn't even let us implement VLANs on a private /8 netblock.

It was mindbogglingly asinine how upper management viewed security, with or without regard to HIPAA.

Words to the wise .. do not *ever* dispute a healthcare bill and wind up going into mediation unless you have no other options and cannot absorb the cost. The final arbiters are companies like Tricare and the one I worked for.

Regards,
-dsp

Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wow.

- - ferg

[forwarded message]

Date: Fri, 20 Jul 2007 15:50:43 +0000 (UTC)
From: lyger <lyger () attrition org>
To: dataloss () attrition org

http://www.armytimes.com/news/2007/07/military_saicdatabreach_070720w/

The personal health care records of close to 900,000 troops, family members and other government employees stored on a private defense contractor's nonsecure computer server were exposed to compromise, the company announced Friday.

SAIC said the information, maintained under several Tricare health care contracts with the Defense Department, included combinations of names, addresses, Social Security numbers, birth dates and/or "limited health information in the form of codes."

It was stored on a single, SAIC-owned, nonsecure server "at a small SAIC location" and was in some cases transmitted over the Internet in an unencrypted form. The information was exposed while being processed, the company said.

Although SAIC announced the data breach Friday, the company acknowledged it has known about the problems since May 29, when U.S. Air Forces Europe notified SAIC that it had detected "an unsecure transmission of personal information concerning uniformed service members and other individuals," according to a SAIC press release.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 213 million compromised records in 726 incidents over 7 years.

[snip]

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGoR94q1pz9mNUZTMRAup9AKC8NEv+9Dwy8NHNTg4AzD3BA4YsNwCeNZu+
J27D3MymJh+4rKISJxNYEvA=
=n4zi
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] Fwd: [Dataloss] (SAIC update) 900,000 health records possibly compromised Paul Ferguson (Jul 20)
- Re: [privacy] Fwd: [Dataloss] (SAIC update) 900,000 health records possibly compromised Brian Loe (Jul 20)
- Re: [privacy] Fwd: [Dataloss] (SAIC update) 900,000 health records possibly compromised Dave Paris (Jul 20)