Ex-IT chief takes responsibility for 'human error'
How about we pass a law that says that the personal banking information of
everyone in charge of securing vital health information must be stored right
alongside it. Do you think they would take a few extra precautions with
sensitive data if they knew that a breach would result in hackers being able to
access their PERSONAL accounts? Just maybe.
"Two, three or four mistakes were made," VanOrden said.
He then goes on to list SIX mistakes. It's scary to think the person in
charge of the data can't do simple counting.
1. it is hard to expect employees to memorize at least 100 pages of policy. (employees did not know the policy)
2. was not protected by a firewall as it was upgrading on March 10
3. That server was also installed by an independent contractor more than a year ago, which is not typical protocol for the department
4. A process to ensure that new servers are monitored and a risk assessment performed prior to use was not followed
5. factory-issued default passwords were still in effect on the server, which is also not "routine."
6. The final "mistake," he said, is that information stayed on the server for too long and while it was there, it was not encrypted