Comments on: Data on 2.9 million Georgians goes missing

CD containing Social Security numbers, other personal information on people enrolled in Medicaid or PeachCare is lost.

[bob donut]

Why do they put these things in hard form?

Every so often you hear abotu a laptop or a CD being stolen with ALL the data for a company or government. Why do they still continue to put their eggs in one basket?

The problem isn't that the disk was stolen, the problems is that there was a disk in the first place.

[suyts]

no doubt

I makes you wonder if anyone there in the IT dept. ever heard of a data server. You know, a place to store data and back it up to some place secure. What are those morons doing? If stuff like this keeps happening, we(people in the tech industry) are going to be micro-managed by the feds and state. Fire the dumb-as*** responsible.

[jgaryt]

hard copy

It is unfortunate, but data is still required to be put into a format for importing or archiving purposes. However, many tools exist to protect that data in the event of a loss or breach of security. Simple whole disk encryption or passworded/encrypted zip technology is easily available, but the real issue is that most agencies and organizations don't have the appropriate policies and procedures in place, and the ones that do, often don't have the appropriate levels of training.

Data must exist somewhere, and it's going to be put on laptops, desktops, PDA's, CD's tapes and disks as long as we have to find ways to share information. Education is the key to protect these assets.

[Schratboy]

Removable media security

The hospital types want to have access to their information so dropping files onto a mem-stick of cd is fast and easy. They just assume that it won't leave their person or that it won't ever fall into another person's hands. The IT managers and Purchasing types won't spend the cash for media encryption so they leave the PHI exposed....seriously exposed. HIPAA stipulates protection of these types of devices with encryption so the execs and admins should be appropriately fined and rebuked...They're just too casual in how they treat other people's information. But, then again, they already got paid so they don't really care.

[wbenton]

Stupid is as stupid does!

If they had strong ISMS Security Policies in place, they would have KNOWN for surewhether the data was adequately protected.

If they had strong Security Policies in place, they would not have misplaced the disk in the first place.

By the way, what is an external company doing with internal private information?

Security should NEVER be outsourced!!!

Many think that security is too costly, but if you look at the loss of image/business, claims and credit reporting fees... implementing the "too costly" security tends to look like a bargain deal!!!

Walt