Sunday, October 04, 2009

The federal health care database that will hold all of the most sensitive, personal medical data for 300 million Americans

In August of 2008, a Consumer Reports investigation revealed that the federal government is among the worst offenders when it comes to data breaches.

CR analyzed records of publicly reported data breaches compiled by the nonprofit Privacy Rights Clearinghouse and found that more than 230 security lapses by federal, state, and local government from 2005 through mid-June 2008 resulted in the loss or exposure of at least 44 million consumer records containing Social Security or driver license numbers and other personal data.

In late 2006, the House Committee on Government Reform issued a report entitled "AGENCY DATA BREACHES SINCE JANUARY 1, 2003". The conclusion of the report was as disturbing as it was terse.

Taken as a whole, the agency reports outline hundreds of instances of data breaches involving sensitive personal information since January 1, 2003. The reports show a wide range of incidents, involving employee carelessness, contractor misconduct, and third-party thefts. The number of individuals affected in each incident ranges from one to millions. However, in many cases, the agency does not know what information was lost or how many individuals potentially could be affected. Few of these incidents have been reported publicly, and it is unclear in many cases whether affected individuals have been notified or whether remedial action has been taken.

Data held by Federal agencies remains at risk. In many cases, agencies do not know what information they have, who has access to the information, and what devices containing information have been lost, stolen, or misplaced. In addition, in almost all of the reported cases, Congress and the public would not have learned of each event unless the Committee had requested this information.

Finally, each year, the Committee releases information security scorecards. This year the scores for many departments remained low or dropped precipitously. The federal government overall received a D+.

Among the incidents the report described:

• A laptop containing personal information on 30,000 applicants/LEADS, recruiters, and prospects fell off a motorcycle belonging to a Navy recruiter.

• A CD containing 30,000 veterans’ names and addresses was lost by a Government Printing Office subcontractor.

• A thumb drive containing personal records on approximately 207,570 enlisted Marines who served between the years of 2001 to 2005 was lost. A notification letter was sent to the affected individuals and the Marine Corps.

• A systems administrator discovered potential unauthorized access to the Air Force Personnel Center Assignment Management System containing personal information on 33,000 military members.

Other, more recent incidents of note include:

Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, sparking identity theft concerns and an investigation by the Army.

The IRS hired a firm that had experienced several serious data breaches of customer information to manage and secure sensitive data.

Feel better about that giant database of sensitive health care information that the tax-and-spend Democrats want to create when they nationalize health care?

The feds holding your family's most personal information?

What could possibly go wrong?

Update: Clarice Feldman writes: "What, indeed? And then there's the inclination of so many to spy on their political opponents and their families."

No comments: