US Government says sensitive Clinton Administration records missing

A small, 2 pound external hard drive used for routine recopying to preserve records is missing according to a document released today by the National Archives and Records Administration (NARA),
 
The two terabyte external hard drive, containing copies of Clinton Administration Executive Office of the President (EOP) data was last seen the first week of February.

Included missing is White House entry information or electronic address books. Also on the hard drive is personal identifying information (PII): names and social security numbers for former Clinton Administration staff and visitors to the White House complex.

The individuals involved in the potential breach will be notified by NARA.

NARA will offer a $50,000 reward for information that leads to the recovery of the drive.

Johns Hopkins Hospital – patient info may have been “leaked”

Johns Hopkins Hospitals’ recent suspected loss of patient info being leaked out is a wake-up notice to the 10,200 patients who may have been affected.

While most individuals worry about credit card and identity theft being ripped off by a faceless savvy thief through some sort of sophisticated trickery. Some thieves might even dive into your garbage to retrieve sensitive data thrown out carelessly. We’re constantly being urged to be careful with our sensitive data.

The warnings are of little help to the 10,200 former patients of Johns Hopkins Hospital who are being advised to be alert for any improper activity with their accounts and identity because of a former employee.

The Johns Hopkins incident is another example of the little attention being given to thievery committed through “secure database” breaches (see article here) or used equipment being resold without destroying sensitive information written to it (see article here).  

Law enforcement agencies and some victims began reporting to Johns Hopkins as early as January of identity theft. Some victims only association with Baltimore—where the theft activities were focused–was the Johns Hopkins Hospital.

Corporate security at Johns Hopkins has lead to the suspicion of one employee who worked in the patient registration area.

The information at risk in addition to insurance and physician information is social security number, name, address, telephone number, date of birth, names of mother and father.

The incident is still under investigation and no indictments have been issued.

- 30 -

The daily obscure NEWS update is now available here along with the update on swine flu H1N1 statistics from the WHO and CDC can be seen here

Personal information left on discarded equipment overlooked

In a recent study, a security measure was overlooked time and time again — personal information was left on discarded electronic equipment.

With the recent ransom of eight million patient records in Virginia from a secure site and identity theft at an all time high, it’s troubling to learn personal information is being left on discarded memory equipment.

A new research study of memory disks bought through computer auctions, computer fairs and eBay has uncovered an alarming amount of personal and corporate information left on computers.

Of  300 disks examined, 34% still held sensitive personal data that could identify the individual. Identifying commercial data was also found on the hard drives.

Information included bank account details, medical records, confidential business plans, financial company data, personal id numbers, job descriptions and even launch procedures for a US military missile air defense system.

The study was carried out by BT’s Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US.

“Of significant concern is the number of large organizations that are still not disposing of confidential information in a secure manner. In the current financial climate they risk losing highly valuable propriety data,” said Professor Andrew Blyth, who is in charge of research at the University of Glamorgan.

Online patient record and prescription data held ransom

The Virginia Prescription Monitoring Program (PMP), which holds over eight million patient records on it’s secure site has been breeched and is being held for a $10 million ransom.

According to Wikileaks the Virginia Presciption site has been under ransom notice since April 30, 2009.

The ransom message states, “I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.”

According to Wikileaks, the PMP declined to comment and instantly referred inquiries to the director of the DHP, who is presently unavailable.

The issue was reported in the US Department of Homeland Security Daily Open Source Infrastructure Report today.