Is A Data Breach A Life Or Death Situation?

2012-12-13 by eabsetz Life-and-death

Most people would agree that security is important; however, many would have a hard time saying that a data breach could be a life or death situation. Sadly, in the past few weeks there have been two cases that may qualify for that characterization in the news.

The first case is the data breach at King Edward VII Hospital on December 4, 2012. Two Australian radio show hosts prank called the hospital in a joking attempt to get information on the condition of the Duchess of Cambridge. To their surprise the nurse, who answered the phone, fell for the hoax and provided them with information on the Duchess's condition and care. Last Friday, Jacintha Saldanha, the 46 year old nurse who provided the information, committed suicide just two days after news of the breach was released.

The second case involves a data breach that occurred September 28, 2012 at the University of Georgia. A former student gained unauthorized access to a server containing 8,500 former and current employees' names, Social Security numbers, and other sensitive information. Still in the midst of investigation, police announced on Tuesday that Charles Stapler Stell, the 26 year old behind the data breach, passed away with no indication of foul play and most likely the result of suicide.

In these two cases, the data breaches and their consequences appeared to have pushed these individuals into a life or death decision. As the importance of privacy and security breaches increases, we have now seen there are potential ramifications to the people involved, more than just notification and credit monitoring.

As breaches unfortunately become more commonplace, organizations impacted should ensure that they not only have a response plan for dealing with the incident, but also how to constructively handle any employees at fault. While discipline from HR may be on the agenda, organizations need to ensure the wellbeing of their employees as they process their actions.



by Anonymous on 2012-12-13 (over 1 year ago)

A data breach absolutely can cause death. Think medical identity theft. There was a case where a man's insurance information was stolen. The identity thief got free medical services, and the *thief's* diabetic condition was saved to the *victim's* record. Unrelated, the victim later had a heart attack and was rushed to the hospital. Doctors saw from his record that the victim was diabetic, but of course it was the thief that was diabetic. The problem is that Doctors will treat diabetic heart attack patients differently. Fortunately in this case, the error was caught, but this could have resulted in different, potentially less effective emergency treatment. I'm sorry that I don't have references, but if you Google "Medical Identity Theft" you should be able to find it.

by Anonymous on 2012-12-13 (over 1 year ago)

It seems important not to get hung up on only safeguarding the well-being of those employees participating in data breaches; At least an equal importance has to be attached to the well-being of those affected by their data being lost/leaked/unlawfully accessed.

An extreme but factual example of one of those breaches would be where a young woman was murdered by her ex-boyfriend soon after he unlawfully obtained the details of the keeper of a motor vehicles registered keeper — who was her new boyfriend. Rumour had it that he was arrested enroute to the new boyfriends address, but not having been involved in that part of the case I was unable to corroborate that.

Sensitivity about the well-being of all those involved in any data breach is required if ongoing problems following them are to be minimised.

by Dissent [DataLoss Archaeologist] on 2012-12-17 (over 1 year ago)

A third example of life or death situation resulting from a breach: patients at a Zambian cancer hospital faced increased risk of death after computers with all of their medical and treatment records were stolen and doctors couldn't operate or treat them without the information in those records:

New Comment

Are you human?

Sponsored By: Rbs Zecurion
Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation requires authorization and potential licensing arrangements. For more information, please e-mail [email protected] with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2014, Open Security Foundation, All Rights Reserved.