IDM & IAM Discussions - UMRAbuzz - Identity Management Discussion

Entries in access management (3)

Friday

Jul152011

Data Breach #3: Patient Records Stolen at Univ. of Maryland Medical Center

Friday, July 15, 2011 at 8:36AM

This breach outlines the dire consequences that can result when critical and extremely private personal data can be accessed by the wrong people. In this case, employees who had open access to not only confidential patient data, but also billing information, were able to steal account info and rob elderly and vulnerable victims.

The hospital contends that this was the result of a crime and not due to hospital procedures and this may be the case. But health care organizations are going to have to change policies quick to restrict access to this type of information, or these type of stories will only increase with dire results for patients and the hospital alike.

I contend that organizations should perform a review of their current identity management and protection policies to see how easy and how many employees could potentially compromise data, such as happened here at the University of Maryland Medical Center. I believe that an identity management solution that is well planned and implemented can allow health care organizations to restrict and monitor access to critical systems containing confidential information. In my own consulting work, I have heard from many security officers admissions of improper access; that too many people can easily access patient data. An organization without an identity management policy is giving a huge advantage to these criminals.

The story below is from the Baltimore Sun, July 14. http://www.baltimoresun.com/health/bs-md-identity-theft-20110714,0,3173292.story

For information on Tools4ever identity management solutions and how they can benefit any health care organization, please click here.

Drew Olson |

Data Breach #1: Eastern Michigan University

Thursday, March 24, 2011 at 11:14AM

Every now and then I will be posting news and information regarding critical violations in identity & data protection. The stories I will be posting will highlight examples, I believe, where a lack of an effective access management policy has contributed in part to the security breach.

My goal here is to highlight how frequently these attacks occur, to show where some of these vulnerabilities exist, and how costly the consequences can be. I do not aim to single out the failures of any one organization, but to stress the importance of identity management and access security.

Detroit News/March 11, 2011

EMU probes security breach of student data

Ypsilanti — Eastern Michigan University's Department of Public Safety is investigating a security breach involving the personal information of 45 students, EMU officials said.

Names, birth dates, and Social Security numbers were improperly accessed by two former student employees who worked in offices where they had access to student records, EMU officials said.

It was not immediately clear when the information was accessed or where it was sent. Public safety officials learned of the breach while investigating an unrelated matter in the last two weeks, said Walter Kraft, the university's vice president of communications.

Officials did not reveal in what offices the students worked but, according to a statement on the university's website, they "used that access to improperly copy and, in a few instances, transmit personal information of students or their dependents."

After the breach was discovered, "steps were immediately taken to identify the scope of the breach and remove the threat that further information could be improperly accessed" The student workers are no longer employed by the university. The students whose information was transmitted have been notified.

"If you did not receive notification, then based on our current information, we do not believe your records were involved," university officials said.

For information on identity theft, EMU students can go to http://www.emich.edu/securitybreach-march-2011/index.php.

From The Detroit News: http://detnews.com/article/20110311/SCHOOLS/103110395/EMU-probes-security-breach-of-student-data#ixzz1HXpbhpWY

For information on Tools4ever's identity & access management opportunities, visit http://www.tools4ever.com/solutions/

Drew Olson |

2 Comments |

1 Reference |

tagged

Eastern Michigan University,

access management,

data breach,

information security in

data breach,

identity management

Wednesday

Mar162011

Identity Management Questions for Today

Wednesday, March 16, 2011 at 6:32PM

I reread an article posted a few months ago by Mark Diodati titled "Rethinking Identity Management: Time to Erase the Tape?" and definitely suggest taking a look yourselves. The author posits that many of the common notions of the identity management do not fit into today's environment, especially with the relatively new issues of managing identity and access in cloud based applications.

This rethinking is necessary but will have consequences for those who have invested big dollars in IDM solutions or vendors who aren't adapting. Diodati asks four main questions that are still incredibly relevant and worth restating here:

How do we provide identity attributes to applications when (and only when) they need them?
How do we enable users to prove their identities while addressing privacy concerns and without needless repetition?
How do we ensure that users have appropriate access to sensitive information and how do we prove it?
How do we do these things in an agile, cost-effective manner?

So, with these questions in mind, how are you rethinking your identity management strategy?

Information on Tools4ever's approach to today's identity management issues can be found here: http://www.tools4ever.com/products/user-management-resource-administrator/features/

Drew Olson |