Computers Stolen in Ohio with 72,000 Medicaid Subscribers' Personal Info

Midwest News • June 6, 2006

Laptop computers with personal information on 72,000 Ohio Medicaid recipients were stolen from a private managed care agency in Ohio, according to an Associated Press account. Officials with ...

Back to article

Insurance Journal is not responsible for the content of the message below.

Subject: Passwords are not a form of security

Posted On: June 11, 2006, 2:43 am CDT

Posted By: George Toft

Comment:

It takes about 2 minutes to change the Windows local Administrator password using easily obtainable tools on the Internet. Personal data should be encrypted. Period. It's not that hard - there are several drive and file encryption tools available and this should be considered minimum level of due care. Unfortunately, encrypting data is not a HIPAA requirement, even though it should be.

If you store your customer's information, it should be protected against theft. Both HIPAA and Gramm-Leach-Bliley Act require risk assessments to be performed by the company. Theft is a credible threat and must be addressed in the risk assessment.

George Toft, CISSP
Chief Security Officer
My IT Department
www.myITaz.com

Subject	Posted By	Posted On
Has Anyone Used certmagic For Cissp?, CISSP	gihama	Dec 20, 2006, 7:58 am
Passwords are not a form of security	George Toft	Jun 11, 2006, 2:43 am
Back to article

Computers Stolen in Ohio with 72,000 Medicaid Subscribers' Personal Info

Subject: Passwords are not a form of security

Post a Comment

Free Newsletters

Related Products & Services

Most Popular Articles: This Week

Insurance Industry Yellow Pages

Market Directories