PA Department of Public Welfare Computers Stolen with 375000 Citizens Affected
Date Reported:
9/11/07
Organization:
State of Pennsylvania
Contractor/Consultant:
Department of Public Welfare
Victims:
Pennsylvania medical assistance consumers
Number Affected:
375,000
Types of Data:
Coded information relating to the treatment of consumers in the behavioral health system. Name and Social Security numbers for 1,819 consumers.
Breach Description:
Two computers were stolen from a DPW office building in Harrisburg that may have contained personal information on medical assistance consumers. DPW has begun mailing notification letters to the approximately 375,000 individuals in the behavioral health system.
Reference URL:
http://www.state.pa.us/papower/cwp/view.asp?Q=467232&A=11
http://www.pennlive.com/midstate/patriotnews/article121468.ece
Report Credit:
Jan Murphy, Of The Patriot-News
Response:
From the online references above, including the State's official announcement:
"The Department of Public Welfare today began notifying medical assistance consumers in the behavioral health system whose personal information may have been contained on two computers that were stolen from a DPW office building in Harrisburg."
"There is no indication that any of the information on the stolen computers has been used inappropriately."
[Comfyllama] This doesn't mean much and is nothing more than a standard breach incident response. I am not sure what "indication" they have been searching for.
“The burglary was an unfortunate event and we sincerely apologize to all of those who may be affected by it,” said Public Welfare Secretary Estelle B. Richman.
[Comfyllama] I respect apologies for the most part.
“The department is taking all appropriate steps to prevent an incident like this from occurring in the future and is working with both state and local authorities and community partners to help those potentially affected.”
[Comfyllama] I hope that the State of Pennsylvania adopts the same policies recently announced by the State of Connecticut.
"The majority of information on the computers, which was protected by multiple security passwords, did not identify consumers by name and contained only coded information relating to the treatment of consumers in the behavioral health system. However, the information for approximately 1,819 consumers did include names and Social Security numbers."
[Comfyllama] Multiple security passwords are NO substitute for encryption.
"Consumers with questions or those who believe they have been affected should call the DPW hotline toll-free, , Monday through Friday from 8:30 a.m. to 5 p.m."
[Comfyllama] If you are or have been a medical assistance recipient, I would suggest that you compile a list of questions, call and demand answers.
Commentary:
Unlike the recent breach affecting State of Connecticut residents, this one is unlikely to affect legislators directly. Legislators act quickly when something affects them directly. I hope these facts don't delay change in the State of Pennsylvania.
Sensitive data at rest needs to be encrypted, not just on laptops but on workstations and servers, and in databases.
Past Breaches:
None