This time it wasn't Anonymous or some other hacking group trying to make a name for itself. The South Carolina Department of Health and Human Services can blame one of its own for the security black eye it just took.
The agency last week discovered that a Medicaid employee inappropriately transferred personal information for 228,435 Medicaid beneficiaries to his personal e-mail account. Not only was it a blatant violation of agency policy, it also put the personal identities of nearly a quarter million Americans at risk.
Christopher Lykes Jr., 36, was arrested Thursday for allegedly committing the crime. Lykes, a project manager for the agency, was immediately terminated while law enforcement officials conducted their investigation. It is yet unclear what he planned to do with the information.
Blame the Browser
We asked Bill Morrow, executive chairman and CEO of Quarri Technologies, for his thoughts on the breach and what other organizations can learn from the internal theft. His first thought: Blame it on the browser.
"The risk of this type of transfer of confidential information by an employee is all too common at many organizations because they are increasingly using browsers as the primary platform for the delivery of information and making them the primary point of theft or data leakage," Morrow said.
As he has said before, standard Web browsers contain critical security gaps that create significant risks to organizations' confidential data, and online resources like Web mail and social networking sites can be open windows for data leakage. That sets the stage for a careless or malicious employee to easily steal company trade secrets, intellectual property or leak sensitive customer information.
"The end user is often the weakest link on any corporate network , since one malicious or unintentional click can lead to identity theft for hundreds of thousands of customers and patients," Morrow said. "It's critical for organizations dealing with sensitive data to enforce the use of a secure, hardened browser session for employees and customers that prevents unauthorized use and replication of confidential information by controlling malicious and careless end user behavior."
Personal Information at Risk
Customer, student, employee and patient information is most at risk for cyber attacks today, and defending that data is a top concern for IT professionals this year, according to the CDW national Data Loss Straw Poll. (continued...)
Posted: 2012-04-21 @ 2:51am PT
This is a sad commentary about this country. This man was no sloutch; he evidently worked most of his life and is now down on his luck. My only problem with Obama-care is that it didn't go far enough and fast enough. When any American dies because he or she can't afford health care... Should use "Penny Health" for insurance meanwhile.