Juggling data security responsibilities

Major firms across industries have recently disclosed substantial breaches of personal data.  One of the largest pharmacy service providers in the US, PharMerica, has revealed that hackers were able to access the data of around 6 million patients.  PharMerica initially discovered suspicious activity on their network in March.  Names, dates of birth, Social Security numbers, medication and health insurance information were among the compromised data. 

More is likely, however, as samples of the data seem to include the protected health information (PHI) of at least 100 patients, including Medicare and information about mental health issues.  PharMerica has since notified the affected patients, and offered some vague intentions about efforts to reduce a repeat in the future.  According to TechCrunch, with 6 million patients, this is the largest healthcare data breach of the year thus far.

In other news, a smaller but not insignificant number of former and current government employees (237,000) had their data exposed by a breach at the US Department of Transportation (DoT).  Specifically, a computer system used by the department to reimburse federal employees’ commuting costs failed to protect the data, as it has informed Congress.  Based on a recent report from the US Government Accountability Office (GAO), it does not appear that the DoT followed through in implementing certain recommended practices for best cybersecurity hygiene. 

As a result, many priority fixes remain unresolved, such as a workforce shortage, lack of oversight, and unfulfilled roles, which likely contributed to the security incident.  One example, says GAO director Jennifer Franks, is that “there are no senior officials responsible for privacy who manage the documentation for privacy matters.”

In the end, failure to adopt a more rigorous stance against data breaches led the DoT to hot water.

Toyota, meanwhile, has recently confirmed its own breach.  The vehicle data of 2.15 million people in Japan had been exposed and was accessible to the public for a whole decade.  Human error is the culprit in this case.  All it took was accidentally setting the data to public view, and you’ve got drivers’ data sitting there for 10 long years.  No malicious use has been reported yet, though with such a duration it may take some time to know for sure.

Whether through cybercrime, substandard security frameworks, or a simple oversight, data breaches come in all varieties, and any organizations that handle personal data must not be caught wanting in any of these areas.  NetLib Security’s powerful Encryptionizer solution can assist on this front, offering out-of-the-box, transparent data encryption to render sensitive data useless to any who would access it, intentionally or otherwise.  With no additional programming or impact on performance, let Encryptionizer aid you in your juggling act.


By: Jonathan Weicher, post on May 24, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security