Is A Data Breach A Life Or Death Situation?
2012-12-13 by eabsetz
The first case is the data breach at King Edward VII Hospital on December 4, 2012. Two Australian radio show hosts prank called the hospital in a joking attempt to get information on the condition of the Duchess of Cambridge. To their surprise the nurse, who answered the phone, fell for the hoax and provided them with information on the Duchess's condition and care. Last Friday, Jacintha Saldanha, the 46 year old nurse who provided the information, committed suicide just two days after news of the breach was released.
The second case involves a data breach that occurred September 28, 2012 at the University of Georgia. A former student gained unauthorized access to a server containing 8,500 former and current employees' names, Social Security numbers, and other sensitive information. Still in the midst of investigation, police announced on Tuesday that Charles Stapler Stell, the 26 year old behind the data breach, passed away with no indication of foul play and most likely the result of suicide.
In these two cases, the data breaches and their consequences appeared to have pushed these individuals into a life or death decision. As the importance of privacy and security breaches increases, we have now seen there are potential ramifications to the people involved, more than just notification and credit monitoring.
As breaches unfortunately become more commonplace, organizations impacted should ensure that they not only have a response plan for dealing with the incident, but also how to constructively handle any employees at fault. While discipline from HR may be on the agenda, organizations need to ensure the wellbeing of their employees as they process their actions.
References:
http://www.bizjournals.com/atlanta/news/2012/12/11/uga-dead-former-student-responsible.html
http://www.telegraph.co.uk/news/9730305/Statement-from-the-King-Edward-VIIs-Hospital-on-the-death-of-nurse-Jacintha-Saldanha.html
COMMENTS
by Anonymous on 2012-12-13 (5 months ago)
A data breach absolutely can cause death. Think medical identity theft. There was a case where a man's insurance information was stolen. The identity thief got free medical services, and the *thief's* diabetic condition was saved to the *victim's* record. Unrelated, the victim later had a heart attack and was rushed to the hospital. Doctors saw from his record that the victim was diabetic, but of course it was the thief that was diabetic. The problem is that Doctors will treat diabetic heart attack patients differently. Fortunately in this case, the error was caught, but this could have resulted in different, potentially less effective emergency treatment. I'm sorry that I don't have references, but if you Google "Medical Identity Theft" you should be able to find it.
by Anonymous on 2012-12-13 (5 months ago)
It seems important not to get hung up on only safeguarding the well-being of those employees participating in data breaches; At least an equal importance has to be attached to the well-being of those affected by their data being lost/leaked/unlawfully accessed.
An extreme but factual example of one of those breaches would be where a young woman was murdered by her ex-boyfriend soon after he unlawfully obtained the details of the keeper of a motor vehicles registered keeper — who was her new boyfriend. Rumour had it that he was arrested enroute to the new boyfriends address, but not having been involved in that part of the case I was unable to corroborate that.
Sensitivity about the well-being of all those involved in any data breach is required if ongoing problems following them are to be minimised.
by Dissent [DataLoss Archaeologist] on 2012-12-17 (5 months ago)
A third example of life or death situation resulting from a breach: patients at a Zambian cancer hospital faced increased risk of death after computers with all of their medical and treatment records were stolen and doctors couldn't operate or treat them without the information in those records:
http://www.lusakatimes.com/2012/10/05/cancer-patients-risk-thieves-steal-computers-medical-records/
Back
Breach Types:
- Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
- Disposal Mobile | Email | Fax | Fraud Se
- Hack | Lost Computer | Lost Document | Lost Drive
- Lost Laptop | Lost Media | Lost Mobile | Lost Tape
- Missing Document | Missing Drive | Missing Laptop | Missing Media
- Seizure | Skimming | Snail Mail | Snooping
- Stolen Computer | Stolen Document | Stolen Drive | Stolen Laptop
- Stolen Media | Stolen Mobile | Stolen Tape | Unknown
- Virus | Web |
