The Kansas Department of Aging is cautioning clients that there was a data breach of members' information. A laptop computer, flash disk, and paper files were stolen from a state employee on January 12. It's quite apparent from what's floating in the media that the appropriate laptop encryption software and flash disk encryption software were not used.
According to kwch.com, a laptop computer and other media were stolen last week from a Kansas Department of Aging employee's car. The incident impacts 100 people who were part of the Senior Care Act program, who had their Social Security numbers compromised. An additional 7,000 seniors, including participants in the Older American Act program, were also affected. While their SSNs were not involved, other personal information was stolen, such as names, addresses, dates of birth, gender, service information, Medicaid identification numbers, and case management information. Financial information was not included. As I noted at the top, there is no mention of how the information was secured. In this day and age, not mentioning how data was protected generally tends to mean that data security protection was not used, especially when combined with pleas to keep an eye out for "unusual activities."
According to kwch.com, a laptop computer and other media were stolen last week from a Kansas Department of Aging employee's car. The incident impacts 100 people who were part of the Senior Care Act program, who had their Social Security numbers compromised.
An additional 7,000 seniors, including participants in the Older American Act program, were also affected. While their SSNs were not involved, other personal information was stolen, such as names, addresses, dates of birth, gender, service information, Medicaid identification numbers, and case management information. Financial information was not included.
As I noted at the top, there is no mention of how the information was secured. In this day and age, not mentioning how data was protected generally tends to mean that data security protection was not used, especially when combined with pleas to keep an eye out for "unusual activities."
This is not the first time I've come across a story where some department, agency, or division involving the elderly has been caught in a data breach. There was this one involving 21,000 Pennsylvania senior citizens, this other one in Ohio, and this one in North Carolina. In each of the above cases, the affected numbered in the tens of thousands. The stolen devices generally were designed for portability. It doesn't take a genius to figure out that Tens of thousands of sensitive data points + unsecured data device = bad idea And yet, here we are, a little over four years after I've blogged my first "Aging" data breach post, rehashing the same story involving different people in a different place but under similar circumstances. How long does the insanity have to go on before something is done about it?
This is not the first time I've come across a story where some department, agency, or division involving the elderly has been caught in a data breach. There was this one involving 21,000 Pennsylvania senior citizens, this other one in Ohio, and this one in North Carolina.
In each of the above cases, the affected numbered in the tens of thousands. The stolen devices generally were designed for portability. It doesn't take a genius to figure out that
Tens of thousands of sensitive data points + unsecured data device = bad idea
And yet, here we are, a little over four years after I've blogged my first "Aging" data breach post, rehashing the same story involving different people in a different place but under similar circumstances. How long does the insanity have to go on before something is done about it?
Related Articles and Sites:http://www.kwch.com/news/kwch-news-kah-personal-information-stolen-from-ks-department-of-aging-20120119,0,3335860.storyhttp://www.kansascity.com/2012/01/19/3380187/personal-data-stolen-from-kansas.htmlhttp://www.kake.com/news/headlines/KDOA_Investigating_Security_Breach_137694528.htmlhttp://www.kansas.com/2012/01/19/2181808/department-of-aging-files-taken.html