I was browsing the latest information security incidents and noticed one from my home state of Delaware. The State of Delaware was affected by an information security incident caused by careless data disclosure by its 3rd party service provider, Aon Consulting. The end result was the disclosure of data on 22,000 state employees, putting them at greater risk of identity theft. Since the data was related to health and benefits information, the disclosure falls under the HIPAA regulations. Aon Consulting is notifying the individuals affected and offering them credit protection services to help minimize the damage.
Lessons Learned from this Information Security Incident
- Even if you do everything right from an information security standpoint, your service providers must have a similar mindset and do likewise.
- Think twice about providing sensitive data to 3rd party providers that likely have no specific need for that data.
- Regularly review your site for content that should not be disclosed (or, even better, do proactive reviews prior to making the information available online).