BreachExchange mailing list archives
Re: [Follow-up] Vassar Brothers Medical Center
From: blitz <blitz () strikenet kicks-ass net>
Date: Thu, 08 Feb 2007 22:53:13 -0500
I'm afraid we may be seeing the tip of a new trend. When a company realizes its been breached, they merely hire an independent investigator to say they weren't, and buy a lot of insurance to cover it. If the incident "hasn't happened" then they should be able to still get enough insurance to CYA. In any case, I expect to see admissions mitigated a lot more frequently by similar dealings. Lie, CYA, and hope nothing comes of it. The majority apparently don't, so its a gamble for them with odds on their side. Perhaps... Noting less should be expected from corporations who if they gave a damn would of secured it properly in the first place. Its just more corporate slight-of-hand.
Grrr.... At 14:13 2/8/2007, Dissent wrote:
In August 2006, DL reported that Vassar Brothers Medical Center had reported a stolen laptop containing PII on almost 260k patients. Original story: http://attrition.org/dataloss/2006/08/vbmc01.html Vassar Brothers issued two letters to patients following that breach: http://www.poughkeepsiejournal.com/assets/pdf/BK3538482.PDF http://www.poughkeepsiejournal.com/assets/pdf/BK6060427.PDF Subsequently, Vassar Brothers retained Kroll to investigate the theft and missing data. They then issued a press release saying that based on Kroll's investigation of network server logs, the stolen laptop did not contain any identifying patient information. The Poughkeepsie Journal has been all over this breach and just published two more articles today, which dispute some of VBMC's reported statements: Official: Data installed as part of drills http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070208/BUSINESS/70207069/1003 and: Documents show patient data on stolen laptop http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070208/BUSINESS/70207079 -- Main site: http://www.pogowasright.org Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/datalossTracking more than 146 million compromised records in 566 incidents over 7 years.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 146 million compromised records in 566 incidents over 7 years.
Current thread:
- [Follow-up] Vassar Brothers Medical Center Dissent (Feb 08)
- Re: [Follow-up] Vassar Brothers Medical Center Chris Walsh (Feb 08)
- Re: [Follow-up] Vassar Brothers Medical Center blitz (Feb 09)