Discarded computer had confidential medical information

[InfoSec News <isn () c4i org>]

http://www.nola.com/newsflash/topstory/index.ssf?/newsflash/get_story.ssf?/cgi-free/getstory_ssf.cgi?a0741_BC_ComputerSecurity&&news&newsflash-topstory

By CHARLES WOLFE
The Associated Press
2/6/03 5:34 PM

FRANKFORT, Ky. (AP) -- A state computer put up for sale as surplus 
contained confidential files naming thousands of people with AIDS and 
other sexually transmitted diseases, the state auditor said Thursday. 

"This is significant data. It's a lot of information with lots of 
names and things like (the numbers of) sexual partners of those who 
are diagnosed with AIDS," Auditor Ed Hatchett said. "It's a terrible 
security breach." 

The computer, which had been awaiting sale at the state's 
surplus-property office, never left state custody, Hatchett said. 

It was one of eight computers the auditor's office had randomly 
selected from a consignment that was being offered to state agencies 
and nonprofit groups. Hatchett's office, which routinely conducts such 
checks, paid $25 each for the computers, which would have been offered 
to the public if they had gone unsold. 

Health Services Secretary Marcia Morgan said the computer, used from 
1995 to 1999, came from an agency she oversees involved with 
counseling on sexually transmitted diseases and HIV, the virus that 
causes AIDS. 

Morgan said the computer's hard drive was thought to have been wiped 
clean when it was shipped off for sale late last year. She has ordered 
an internal investigation into the breach. 

B.J. Bellamy, the auditor's chief information officer, said the hard 
drive appeared to contain several thousand individual files. Sex 
partners of the individuals are counted but not named, he said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.