Insufficient Postage Results In Data Breach, No Word On Disk Encryption Use.

Medical Mutual of Ohio, a health insurer, has announced the loss of eleven computer disks that may affect 36,000 retired Ohio employees.  A preliminary investigation has laid the blame on insufficient postage.  Medical Mutual hasn’t revealed whether the contents on those disks were encrypted, although one hopes something like hard drive encryption or file encryption was used to protect the information of those retirees.


Insufficient postage.  Man, this is a new low.  I’m pretty familiar with instances where CDs and other digital storage media went missing en route via mail or courier services.  And, honestly, such losses are expected.  Packages and mail go missing all the time; the fact that you sent sensitive data does not preclude it from disappearing during delivery.  However, sensitive data being circulated in the US Postal System because of insufficient postage?  Sheesh.  It’s like something out of Seinfeld.


Five retiree groups are affected by this latest data breach, including the School Employee Retirement System (SERS), the State Teachers Retirement System (STRS), the Ohio Police and Fire Fund, and the Ohio Highway Patrol Retirement System.


According to spokesman Ed Byers at Medical Mutual, they now see that the disks should have been hand-delivered, ideally.  And, according to some accounts, the disks were hand-delivered in the past.  There is no information on why the disks were mailed in this particular instance, although it explains the odd cause of this data breach: There was insufficient postage because these disks were never mailed out before.  One’s bound to have problems the first time something is attempted, although this particular one is laughably egregious.


Efforts to recover the disks are underway.  The mail recovery center in Atlanta (which is a long way from Ohio) has been searched, but the missing disks did not turn up.  If the disks ultimately don’t show up, the health insurer has plans to provide credit protection to all who are affected.


Medical Mutual had the right idea regarding data security when they decided to hand-deliver those disks in the past.  I have no doubt their investigations will show that someone wasn’t following company policies when these disks were mailed out.  However, I’d say they’re a little short when it comes to data security practices.  Where is the guarantee that the people delivering the disks won’t be robbed?  Or that they won’t inadvertently lose the disks?


Or that someone will mail that stuff out by accident?  That’s right, there are no guarantees.  The chances of such a breach happening may seem minuscule, but history has shown that it happens, and that it happens often.  Unfortunately, there is no way to eliminate the chances all the way down to zero; it’s a mathematical impossibility.  What one can do, though, is lower the chances of a data leak all the way down to a number that’s relatively close to zero.  We’re talking about a number that is so small you’d say a trail of snail slime is the Yangtze River in comparison.  There are plenty of products out in the market that will allow one to do this, including AlertBoot data security solutions.  It’s called encryption, and it allows you to stack the odds on your side in the event something goes *poof*.

