Utah Health Department – Yet Another Flashdrive FAIL (YAFF)
I think we need to have an industry acronym now that this seems to happen every week. My proposals:
- Yet Another USB Breach (YAUB)
- Blame A Thumbdrive (BLAT)
- Yet Another Flashdrive Fail (YAFF)
I like the YAFF one best, so I’m going with that, even though the #FAIL really isn’t in the hardware, but in the abuse of policy and hardware to cause a data breach.
This week’s YAFF announcement comes again from Utah, where a contractor with access to sensitive health data lost a USB flash drive somewhere between Salt Lake City, Denver, and Washington, DC.
What’s different about this news story is that we get more insight as to why that data was on a portable device. And it’s just as I prognosticated in a previous post: the contractor was frustrated with an infrastructure issue.
The contractor, Goold Health Systems, handles Medicaid pharmacy transactions for the Health Department. Department spokesman Tom Hudachko said the GHS employee, identified only as a woman from Denver, was having trouble with an Internet connection Thursday while trying to upload the data to a server. The employee saved the personal information to an unencrypted USB memory stick and left the Health Department with the device. The employee lost the stick sometime in the following days while traveling between Salt Lake City, Denver and Washington, D.C.
(emphasis mine)
via Utah health department reports another data breach | NewsOK.com.
The contractor lost her job over this.
People Forget Policy When They Are Frustrated or Stressed
I once found a QA contractor cursing at his computer because he was having trouble sending a large file via his Hotmail account. I offered to help. When he showed me what he was doing I just about had a heart attack. He had been trying to send our offshore contractor a copy of a production database backup. This backup contained names, addresses, phone numbers, credit card information (no, the legacy system shouldn’t have been storing this information, but it did), SSNs, driver’s license numbers and other forms of ID. It was an identity theft treasure chest of awesome.
When I asked him why he was trying to email this information to our offshore contractor, he said he was frustrated that the corporate email system would not let him email such a large file.
He told me the only reason he did this was that he had to get the bug logged and fixed before the weekend because he had plans to be away. He also forgot that production data was never supposed to leave the building. I’m not sure he ever really felt that what he was doing was wrong, or had any idea why emailing sensitive data was wrong.
The other shock I got was that it was a production DBA who had given him the backup. When I asked the DBA why he did this without even asking what it was for, he said "I was really busy and didn’t have time."
I wonder just how many times this scenario plays out every day in offices around the world.
Love your data, even when you are stressed. Especially when you are stressed.
2 Comments
[…] All these data breaches are coming so fast it’s hard to keep up. In this report, we have another YAFF. In this case, a portable hard drive being used as a backup […]
[…] day it seems a new story comes out regarding data theft, data security, and data breaches. It’s like we are back in 1972 again, except without the bell-bottom […]