Return of the Guru

Lessons to be Learned from Massive Data Breach Lawsuit

Ara Trembly
Insurance Experts' Forum, November 29, 2011

As my readers well know, I have a habit of commenting on data security matters. And while some may claim I am overly concerned with the topic, I have a feeling that the 4.2 million patients who recently found out their personal information had been swiped might disagree.

SC Magazine has reported that at least some of those individuals affected by a data breach at Sutter Health have filed a class-action lawsuit against the Northern California-based company. The suit, filed in Sacramento Superior Court, claims that the company was negligent in securing its computer systems and in notifying victims about the incident.

According to the report, on October 17 the personal information of 4.2 million patients went missing due to the theft of an unencrypted desktop computer. Affected patients were not alerted until about a month later. The company wouldn't comment on the lawsuit but said it needed time to investigate the incident before notifying those affected. Last week, the company said it would expedite plans to encrypt all desktops.

There are several problems here, and since we all handle private and sensitive data daily, insurers and financial services entities should take note. First, there is the mere fact that the affected individuals weren’t made aware of the breach for a whole month. During that time, their information could have been bought and sold several times while the victims had no chance whatsoever to take measures to protect their privacy. Needless to say, this will not enhance the company’s standing with the courts, should the suit reach them.

Next, the company will now have all of its security measures scrutinized, so it must hope that it has been diligent in every area; if it has not, this will hurt it in litigation. If you are in any way doubtful of the completeness and efficacy of your own system defenses and company security policies, this lawsuit should inspire you to do a security audit immediately. Putting a lock on the barn door after someone has already made off with your prize horses just won’t cut it.

Third, and perhaps most significant, is that all it took to start this avalanche of problems was a single desktop PC that hadn’t yet been encrypted. According to the report, the company was actually in the process of encrypting all of its portable and desktop units but hadn’t gotten to this particular one yet. Timing is everything. Did the thief just happen to snatch a unit that hadn’t been encrypted, or did the robber already know which ones were still vulnerable?

Either way, the buck stops at the company’s virtual desk. Hopefully the damages to patients are minimal, but what about the damage to Sutter’s reputation? Insurers trade more than ever on the quality of their reputations, and the loss of reputation may prove to be the most damaging loss of all.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
