Comments about ‘Multiple 'mistakes' led to massive health data breach, director says’

Return to article »

Ex-IT chief takes responsibility for 'human error'

Published: Wednesday, May 16 2012 6:00 p.m. MDT

  • Oldest first
  • Newest first
  • Most recommended
Orem, UT

How about we pass a law that says that the personal banking information of everyone in charge of securing vital health information must be stored right along side it. Do you think they would take a few extra precautions with sensitive data if they knew that a breach would result in hackers being able to access their PERSONAL accounts? Just maybe.

South Jordan, UT

"Two, three or four mistakes were made," VanOrden said.

He then goes on to list SIX mistakes. It's scary to think the the person in charge of the data can't do simple counting.

1. it is hard to expect employees to memorize at least 100 pages of policy. (employees did not know the policy)

2. was not protected by a firewall as it was upgrading on March 10

3. That server was also installed by an independent contractor more than a year ago, which is not typical protocol for the department

4. A process to ensure that new servers are monitored and a risk assessment performed prior to use was not followed

5. factory-issued default passwords were still in effect on the server, which is also not "routine."

6. The final "mistake," he said, is that information stayed on the server for too long and while it was there, it was not encrypted

to comment

DeseretNews.com encourages a civil dialogue among its readers. We welcome your thoughtful comments.
About comments