Data Leaks Sink IT Contractors

Guarding sensitive data is an extremely complex task and often requires a skilled IT team that stays on top of modern technology.  Of course, if your IT team does things like turning off firewalls in order to perform lengthy maintenance on servers (while leaving them connected to the internet), they might not really be a ‘good’ IT team to begin with.

Sadly, this isn’t a hypothetical situation, but the true story of Verus, a Washington-based IT company that provides solutions for hospitals.
Unprotected private data, which included names, addresses and social security numbers, soon became world-visible. At one point Google indexed the data. A woman searching for the details of a deceased friend discovered the indexed information on May 22.  Soon thereafter, the first story officially broke. The 1,000 records belonged to Kennewick General Hospital in Washington. The hospital implicated Verus, who processed the hospital’s online payments.

The next day, more news broke reporting an additional 9,000 records leaked from Concord Hospital in New Hampshire. According to the report, the patient data had been freely available on the internet “for a period of time.”
What, if anything, do you do to make sure that the companies you deal with protect your privacy?
Tags:  CTO, Data, ink, leak, contract, EA, AC, leaks, Tor, K, ACT