CareFirst Dental HMO Exposes Data of 75,000 Members
One of the purposes of Endpoint Security is to actively prevent damages caused by inside threats. Such threats don’t always refer to malevolent employees waiting around the corners to steal proprietary technology or private records. It also refers to members of your organization being mugged or simply loosing their laptop, PDA, iPhone or flash drive with sensitive information. Moreover, it aims to prevent human errors. Though uncommon, personnel transferring the wrong data and exposing it to wrong doers does happen.
One of the most recent cases has been covered by The Baltimore Sun. A CareFirst BlueCross BlueShield dental HMO called Dental Network accidentally exposed personal information, including Social Security numbers, of about 75,000 members on a public Web site last month and didn’t notify them until about three weeks later.
Experts say security breaches such as The Dental Network’s – where the company itself inadvertently posts the information – are uncommon. More often, experts say, information is compromised when hackers break into a computer system or when computers are stolen – as happened with the theft of a National Institutes of Health laptop last month.
Although state laws impose timely notifications being sent to all those involved, The Dental Network discovered the security breach on February 20 and informed members through a letter letter send on March 10.
A state law passed last year requires businesses to promptly notify those potentially affected by a security breach or theft, according to the Maryland attorney general’s office. Approval followed the loss of computer tapes containing information on more than 135,000 Johns Hopkins employees and patients in early 2007.
The Dental Networks representative stated however that they did their best and announced their members as soon as they could. Still, drafting and editing a letter, printing it and mailing it should take a lot less than 3 weeks.
