Multiple 'mistakes' led to massive health data breach, director says

Ex-IT chief takes responsibility for 'human error'

Comments

  • JoeCapitalist2 Orem, UT
    May 17, 2012 8:27 a.m.

    How about we pass a law that says that the personal banking information of everyone in charge of securing vital health information must be stored right alongside it. Do you think they would take a few extra precautions with sensitive data if they knew that a breach would result in hackers being able to access their PERSONAL accounts? Just maybe.

  • donburi South Jordan, UT
    May 17, 2012 2:50 p.m.

    "Two, three or four mistakes were made," VanOrden said.

    He then goes on to list SIX mistakes. It's scary to think the person in charge of the data can't do simple counting.

    1. it is hard to expect employees to memorize at least 100 pages of policy. (employees did not know the policy)

    2. was not protected by a firewall as it was upgrading on March 10

    3. That server was also installed by an independent contractor more than a year ago, which is not typical protocol for the department

    4. A process to ensure that new servers are monitored and a risk assessment performed prior to use was not followed

    5. factory-issued default passwords were still in effect on the server, which is also not "routine."

    6. The final "mistake," he said, is that information stayed on the server for too long and while it was there, it was not encrypted