HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 6 MINUTES AGO.
You are here: Home / Network Security / Worker Data Theft Highlighted in S.C.
S.C. Medicaid Breach Shines Light on Employee Data Theft
S.C. Medicaid Breach Shines Light on Employee Data Theft
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
20
2012



This time it wasn't Anonymous or some other hacking group trying to make a name for itself. The South Carolina Department of Health and Human Services can blame one of its own for the security black eye it just took.

The agency last week discovered that a Medicaid employee inappropriately transferred personal information for 228,435 Medicaid beneficiaries to his personal e-mail account. Not only was it a blatant violation of agency policy, it also put the personal identities of nearly a quarter million Americans at risk.

Christopher Lykes Jr., 36, was arrested Thursday for allegedly committing the crime. Lykes, a project manager for the agency, was immediately terminated while law enforcement officials conducted their investigation. It is yet unclear what he planned to do with the information.

Blame the Browser

We asked Bill Morrow, executive chairman and CEO of Quarri Technologies, for his thoughts on the breach and what other organizations can learn from the internal theft. His first thought: Blame it on the browser.

"The risk of this type of transfer of confidential information by an employee is all too common at many organizations because they are increasingly using browsers as the primary platform for the delivery of information and making them the primary point of theft or data leakage," Morrow said.

As he has said before, standard Web browsers contain critical security gaps that create significant risks to organizations' confidential data, and online resources like Web mail and social networking sites can be open windows for data leakage. That sets the stage for a careless or malicious employee to easily steal company trade secrets, intellectual property or leak sensitive Relevant Products/Services information.

"The end user is often the weakest link on any corporate network, since one malicious or unintentional click can lead to identity theft for hundreds of thousands of customers and patients," Morrow said. "It's critical for organizations dealing with sensitive data to enforce the use of a secure, hardened browser session for employees and customers that prevents unauthorized use and replication of confidential information by controlling malicious and careless end user behavior."

Personal Information at Risk

Customer, student, employee and patient information is most at risk for cyber attacks today, and defending that data is a top concern for IT professionals this year, according to the CDW national Data Loss Straw Poll.

Data loss comes at a cost. A Ponemon Institute study published in March reveals that organizations suffering a data loss in 2011 paid an average of $5.5 million per breach, which translates into an average of $194 per record lost.

"The damage resulting from data loss -- to the bottom line and to an organization's reputation -- is very real," said Christine Holloway, vice president of converged infrastructure solutions at CDW. "Perhaps it should come as no surprise that IT professionals view data loss as the greatest business risk to organizations this year. As tele-work and access to Relevant Products/Services computing grows, preventing data loss is increasingly important -- and increasingly complex."

According to the survey, the number of people accessing business networks increased by an average of 41 percent during the last two years. Inadequate security policies contribute to security challenges. While most organizations allow employees to access their networks with personal mobile devices, security policies for employee-owned devices are often less strict than for employer-owned devices. Twenty-seven percent of IT professionals said they do not have security policies for employee-owned mobile devices.

"No organization appears to be immune from data loss -- blue-chip companies, small business, schools and governments have been affected," said Rick Hanson, senior director of Relevant Products/Services at Symantec. "Prevention is essential. Organizations that layer security solutions to address network endpoints, data at rest and data in motion are more aware of potential security threats, less susceptible to breaches and better able to respond when a breach occurs."

Tell Us What You Think
Comment:

Name:

williamcolliers:
Posted: 2012-04-21 @ 2:51am PT
This is a sad commentary about this country. This man was no sloutch; he evidently worked most of his life and is now down on his luck. My only problem with Obama-care is that it didn't go far enough and fast enough. When any American dies because he or she can't afford health care... Should use "Penny Health" for insurance meanwhile.

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
It could be the biggest Apple hack ever. More than 225,000 valid iPhone accounts have been compromised and thousands of certificates, private keys, and purchasing receipts stolen.

ENTERPRISE HARDWARE SPOTLIGHT
Is Windows 10 killing the PC market? Something is going on. IDC predicts worldwide PC shipments will fall 8.7 percent in 2015 -- and shipments aren’t expected to stabilize until 2017.

MOBILE TECHNOLOGY SPOTLIGHT
Set to be officially unveiled Thursday at the IFA 2015 consumer electronics show in Berlin, Samsung's new Gear S2 smart watch will let users make quick voice calls without having to link to nearby smartphones.

NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.