All the data security in the world doesn’t help if you don’t lock the damn door.
Medical and financial records of about 1.7 million people — mostly patients — from Jacobi Medical Center, North Central Bronx Hospital, Gunhill Health Center, and Tremont Health Center in New York’s The Bronx were stolen in December, iHealthbeat reported. The news is coming out now because the 1.7 million people are all receiving letters explaining the problem to them and offering them an information hot line, customer care centers, and free credit monitoring and fraud resolution services for one year if they register within the next 120 days, according to an article in the New York Times.
Was it a Russian hacker? Malware?
No, the problem is that the affected information was stored on magnetic data tapes left in an unlocked van belonging to GRM Information Management Services, the city’s health record vendor. The tapes were reportedly being moved to a “a secure storage location.”
It sounds like the punch line to a joke — the saying “Never underestimate the bandwidth of a station wagon full of mag tapes speeding down the highway” has been around since the 1990s. But apparently it’s all too real. The New York Health and Hospitals Corp. has since fired GRM and has filed suit against the company to hold it responsible for covering all damages related to the loss of the data.
NBC New York quoted an HHC spokeswoman as saying that there had been no reports of any access to the data, and that “highly specialized and technical expertise and certain tools” would be required for the thief to gain access to the data. Nonetheless, the organization is legally required to notify all the victims and take steps to mitigate any damages. (To add insult to injury, this was the third time the organization had been hit by theft, though the previous instances were much smaller.)
Lessons to be learned? The first step in storage and backup security is physical access, and that data loss is less often caused by hackers and viruses than is commonly believed.
Numerous government entities, ranging from local to national, use geographic information systems (GIS) software as a way of collecting and displaying information on a geographic basis. GIS performs a variety of jobs, including developing maps; tracking land development; and placing infrastructure such as roads, cell towers, and fire stations.
However, GIS files can be humongous. In Oregon, for example, the Oregon Geospatial Enterprise Office currently manages 4 TB of geospatial data on behalf of the enterprise GIS community in Oregon, which is expected to grow to nearly 15 TB of stored data in the next few years. The increasing size and cost of the storage required — as well as the people to manage it — are forcing a number of governments to look at moving GIS storage to the cloud, according to an article by Rutrell Yasin in Government Computer News.
Results are due today for a Request for Information submitted by the Western States Contracting Alliance, a consortium consisting of Alaska, Arizona, California, Colorado, Hawaii, Idaho, Minnesota, Montana, Nevada, New Mexico, Oregon, South Dakota, Utah, Washington, and Wyoming. This particular RFI was submitted by Montana, with active participation from the states of Colorado, Oregon, and Utah, but it may result in a desire to place some, or all, GIS services for the participating states in the cloud, the RFI said. In fact, this is potentially true for all 51 members (50 states plus District of Columbia) of the National Association of State Purchasing Officials (NASCO) Cooperative.
“Basically, it is our GIS folks who are saying storage is expensive” and want to find cheaper methods of storing GIS data, Utah CIO Stephen Fletcher was quoted as saying in the GCN article.
It didn’t take long for the question of “How did Egypt shut down the Internet?” to “Could it happen here?” and “What do we do if it does?”
To many people in U.S., the first inkling of trouble in Egypt was not from the political pages, but from Facebook, Twitter, and the press talking about the technical issues of the Egyptian government shutting down the Internet.
U.S. Senator Joe Lieberman (ID-Conn.) attempted to leverage the Egyptian situation as a means of encouraging interest in his own cybersecurity bill, which has been languishing in the U.S. Congress since June 2010 (and a previous version before that). While many media reports acted as though Lieberman’s action was new, it was the same old bill, and in fact no new actions have been taken on implementing the so-called internet kill switch in the U.S. — which, in fact, actually limits the authority to shut down the Internet that the President already has.
But for those panicked that President Barack Obama was planning to shut down the Internet, the Egyptian situation might have been a blessing a disguise. In the same way that “The Net interprets censorship as damage and routes around it,” as Internet pioneer John Gilmore put it in Time magazine in 1993, the Internet is likely to interpret attempts at government control the same way. Even during the week or less that the Egyptian Internet was down, people both inside and outside Egypt were looking for — and found — workarounds.
“All these alternative routes to the Internet popped up in less than five days,” said writer Mike Elgan. “The longer the shutdown dragged on, the more new ways to connect went online. It’s now clear that any sustained Internet shutdown could be circumvented no matter what.
Moreover, freedom-of-information advocates — and savvy companies — worldwide will learn from the Egyptian shutdown and construct services intended to circumvent future attempts, pundits said.
“Back before the internet, many of us early computer hobbyists networked on something called Fidonet. It was a simple peer-to-peer network where users’ computers would just call each other at night through their old-fashioned modems, exchange information and then move on. It was slow — e-mail could take a day or two to reach someone under this scheme — but it suggested a way of doing things independent of a centralized authority,” reminisced media theorist Douglas Rushkoff in CNN.
While this might require that we go back to dial-up Internet, it seems clear that the Egyptian incident will act as a wake-up call for anyone concerned about government Internet intervention.