The December 2022 issue of IEEE Spectrum is here!

Close bar

The Blue Cross and Blue Shield Association (BCBS), a trade group for US Blue Cross health insurance plans, admitted last week that an employee's personal laptop that was stolen from his car contained business and personal information on some 800,000 practicing physicians - virtually the entire number practicing in the US.

(According to the 2006 US census data, there were 800,586 practicing physicians in the US).

The information contained physician names, addresses, health provider and tax id numbers, and for some 170,000 doctors, their Social Security numbers as well, a report in SC Magazine says.

The BCBS Association said the employee whose laptop was stolen "broke protocol", according to a story in today's Chicago Tribune,  by downloading the information to his personal laptop from a central provider data repository.

The data downloaded onto the laptop was not encrypted.

If the data had been downloaded to a BCBS Association owned-computer, then the data would have been encrypted, a BCBS Association spokesperson said.

The BCBS Association said that they don't think the physician data has or will be misused since the theft appeared to be a random act, but that doctors should monitor their credit anyway, the Tribune story notes.The Association is also offering credit monitoring to those who had their Social Security numbers compromised.

It expressed all the usual regrets as well, and that it currently reviewing its laptop policies.

Not that it will likely do any good, as the next story indicates.

Also expressing its regrets is the Virginia Department of Education, according to the Washington Post, which announced yesterday that a 2 gigabyte flash drive containing the names, Social Security numbers and employment and demographic information of 103,270 former adult education students in Virginia has been reported missing.

Just like the Blue Cross and Blue Shield Association, the Virginia Department of Education says that it doesn't believe the information - which covers all students who finished an adult education course in Virginia from April 2007 through June 2009 or who passed a high school equivalency test between January 2001 and June 2009 - is being misused.

The information, which - surprise, surprise - was also not encrypted, was given, says the Post, by a Virginia Education Department employee to a representative of Virginia Tech'sCenter for Assessment Evaluation and Educational Programming during a Sept. 21 meeting in Richmond. The information was to be used for federally mandated research the center is conducting.

The Superintendent of Public Instruction Patricia I. Wright insists that her department views protecting the privacy of students as a "solemn obligation."

Most assuredly.

That must be why it took over three weeks to publicly announce the loss of the drive (it was reported missing on 22 September).

Superintendent Wright also said that the Virginia Department of Education "has policies and secure systems to safeguard data and prevent the loss or misuse of personal information. However, no policy or system is immune from human error."

Or in the BCBS Association incident, human laziness, carelessness, etc..

Nevertheless, I wonder if those policies will be reviewed anyway. At least it makes it look like you care.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
Vertical
A plate of spaghetti made from code
Shira Inbar
DarkBlue1

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less
{"imageShortcodeIds":["31996907"]}