The Insider Threat: Medicaid employee emails self PII on 220,000 people

Returning for a moment to another core focus of this blog (i.e. the “Data Like Digital Water” meme), I came across this – as yet anyway – little publicized data breach.

I know there are severe limits on firewall and gateway rulesets, and Data Loss Prevention systems aren’t perfect, and there are lots of subtle and technically advanced ways to exfiltrate data (ICMP tunnel anyone?) and all, but can we not agree that anyone with access to a quarter million people’s PII should have to work a little harder than “mailto:MyOwnAccount@yahoo.com”?

http://www.myrtlebeachonline.com/2012/04/19/2782968/sc-agency-says-information-leaked.html

It’s OK though, because the data that was lost apparently included their names and their Medicaid ID numbers.

I mean it’s not like it was their Social Security Numbers or anything. Oh… wait… what’s that? Oh, wait… I was wrong, their Medicaid ID numbers ARE their social security numbers.  Oh, ok.  Well that’s helpful.

I’m thinking Phishing reports in SC are maybe gonna take a jump soon?

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: