[ISN] Discarded computer had confidential medical information

From: InfoSec News (isnat_private)
Date: Fri Feb 07 2003 - 00:41:44 PST

  • Next message: InfoSec News: "[ISN] Bush reportedly orders cyber-warfare plan"

    http://www.nola.com/newsflash/topstory/index.ssf?/newsflash/get_story.ssf?/cgi-free/getstory_ssf.cgi?a0741_BC_ComputerSecurity&&news&newsflash-topstory
    
    By CHARLES WOLFE
    The Associated Press
    2/6/03 5:34 PM
    
    FRANKFORT, Ky. (AP) -- A state computer put up for sale as surplus 
    contained confidential files naming thousands of people with AIDS and 
    other sexually transmitted diseases, the state auditor said Thursday. 
    
    "This is significant data. It's a lot of information with lots of 
    names and things like (the numbers of) sexual partners of those who 
    are diagnosed with AIDS," Auditor Ed Hatchett said. "It's a terrible 
    security breach." 
    
    The computer, which had been awaiting sale at the state's 
    surplus-property office, never left state custody, Hatchett said. 
    
    It was one of eight computers the auditor's office had randomly 
    selected from a consignment that was being offered to state agencies 
    and nonprofit groups. Hatchett's office, which routinely conducts such 
    checks, paid $25 each for the computers, which would have been offered 
    to the public if they had gone unsold. 
    
    Health Services Secretary Marcia Morgan said the computer, used from 
    1995 to 1999, came from an agency she oversees involved with 
    counseling on sexually transmitted diseases and HIV, the virus that 
    causes AIDS. 
    
    Morgan said the computer's hard drive was thought to have been wiped 
    clean when it was shipped off for sale late last year. She has ordered 
    an internal investigation into the breach. 
    
    B.J. Bellamy, the auditor's chief information officer, said the hard 
    drive appeared to contain several thousand individual files. Sex 
    partners of the individuals are counted but not named, he said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Feb 07 2003 - 03:07:55 PST