Monday, July 20, 2009

The UCSD and Kaiser breaches

I have not talked much about any specific breach in a while, but this one caught my eye. Apparently the hotline for a hospital that had a breach was swamped with folks trying to understand what happened and whether they were at risk. UCSD had a breach of about 30,000 records when an external attacker was able to pry through the defenses.

I was beginning to get concerned that folks were not in the least (concerned that is)! Apparently they still do care when their personal information gets out there - but, as is the case all the time, it has to get personal. In fact they were concerned enough to swamp the hospital with calls!

Which brings me to the benefits of small amounts of money, spent judiciously on the right security programs. Even if the cost of losing 30K records was a minimal $30 per record (including the costs of notification, credit monitoring, legal fees, etc.), it's still nearly a whopping million dollars! A lot of moolah, to be sure.

Which brings me to the Kaiser breach - the judge saw it prudent to slap the hospital on the wrist with a fine of $187K. Not a large fine in the context of a hospital, but something to say it is serious about preventing lax management of records.
