In more bad IT security news this week (see here and here, for instance), the Oklahoma State Department of Health (OSDHannounced yesterday that a laptop and 50 papers containing medical information on over 133,000 persons was stolen from an employee's car last week.

The press release at the OSDH web site says that:

"A database related to the Oklahoma Birth Defects Registry was on the computer. The Oklahoma Birth Defects Registry provides statewide surveillance of birth defects to reduce the prevalence of birth defects through prevention education, monitoring trends and analyzing data. The laptop was used to record data from hospital medical records."

The OSDH also said that, "We offer our apologies to those who may be affected," and that:

 "We are reviewing our administrative policies to strengthen safeguards to better protect the confidentiality of the data we collect. We recognize our obligation to make any changes that will ensure a similar incident cannot happen again."

This article at NewsOK gives a bit more detail about what information was taken, which included "names, addresses, Social Security numbers, medical information on birth defects, birth weight, test results, tribal membership and limited medical diagnoses."

Furthermore, the NewsOK article says OSDH doesn't know what else was on the laptop, and is now trying to figure if any other sensitive information was also compromised.

In addition, the article states that the information on the laptop was not encrypted, which OSDH says is required. The OSDH is now looking into whether the employee involved should be fired.

In other IT security-related news, a hard drive containing 93,500 patient records at the Midstate Medical Center in Meriden, Connecticut was reported last week as being "misplaced" by an employee. The Medical Center's press release states that the drive was discovered as missing on 15 February 2011 and that:

"The information contained on the device consisted of names, addresses, dates of birth, marital status, Social Security numbers and medical record numbers."

It also says that the Center "... is in the process of reviewing their policies and are taking steps to help ensure that this type of incident does not happen in the future."

Midstate Medical Center further regrets "any inconvenience" this incident causes.

There was also news this week that the security firm Barracuda Networks was successfully penetrated by a hacker over the weekend.

According to this CNETnews article, the hacker was able to gain access to several Barracuda databases that contained "... the names, phone numbers, and e-mail address of various Barracuda partners," as well as the "... e-mail addresses of different Barracuda employees along with their passwords."

There is more information on the hack at this blog post by Barracuda's Executive Vice President Michael Perone, who apologized  "for the inconvenience."

And finally, the huge Epsilon email hack seems to be larger than Epsilon has admitted to. The latest list of companies confirming that they have had their customer emails stolen looks to have reached over 100. Epsilon has been insisting that it was more like 50.

Epsilon has not commented on the apparent discrepancy.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
Vertical
A plate of spaghetti made from code
Shira Inbar
DarkBlue1

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less
{"imageShortcodeIds":["31996907"]}