Re: GA: Security breach involves recent births - 140, 000 notified

[lyger <lyger () attrition org>]

And now for tonight's edition of "things that make you go 'hmm'..."

If the records didn't contain names or addresses, then how did the Georgia 
Department of Human Resources match up 140,000 medical records and SSNs of 
infants to their parents mailing addresses so quickly?  And if it wasn't 
"quickly", then how long did they know about the breach before the 
notification process began?

Yes, I know... there's them new-fangled things called "computers".  Am I 
missing something or might there be more to this than currently reported?


On Wed, 16 May 2007, Dave wrote:

": " http://www.ajc.com/metro/content/metro/stories/2007/05/16/0517meshrecords.html
": " http://health.state.ga.us/pdfs/message-20070514.pdf
": " 
": " by Gayle White
": " The Atlanta Journal-Constitution
": " Published on: 05/17/07
": " 
": " State officials are warning parents of 140,000 Georgia babies that a
": " security  lapse has exposed some of their personal and medical
": " information to the risk of  fraud.
": " 
": " The Georgia Department of Human Resources mailed letters Wednesday to
": " all  parents of infants born in Georgia between April 1, 2006, and
": " March 16, 2007,  saying that paper records containing their Social
": " Security numbers and  information about their medical histories were
": " improperly discarded.
": " 
": " The records do not contain names or addresses, said Stuart Brown,
": " director of  the state's Division of Public Health. He said there is
": " no evidence that  information from the records has been used
": " improperly.
": " 
": " [...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 208 million compromised records in 658 incidents over 7 years.