Lesson about Passwords after Theft of 16,000+ UCLA Patient Records



Unfortunately, we’ve learned another lesson about passwords at the expense of 16,288 patients who’ve been treated at UCLA’s network of hospitals and clinics. The patients’ sensitive information is in the wrong hands following a burglary at a doctor’s home.

The information was on a computer hard drive stolen from the doctor’s home, according to an article in The New York Times (UCLA Health System Warns About Stolen Records). Medical records of the patients included addresses, birth dates and medical information covering July 2007 to July 2011.

The possible good news: The personal medical data was encrypted. But the alarming news: A piece of paper containing the password to the medical records was missing from the doctor’s home.

“Rule 1 is never write down passwords,” warns nationally known security expert Stan Stahl, Ph.D., of Citadel Information Group in Los Angeles.

“Rule 2 is – if you’re going to break Rule 1 – do it securely,” he adds.

“If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license,” explains Dr. Stahl. “And just write the password: write ‘15Blah-blah-blah’ not ‘my laptop password is ‘15Blah-blah-blah’.”

You can get more of Dr. Stahl’s insights on his security blog and his Web site. (Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are additional cybersecurity tips:

Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – Study — A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks, according to data released in 2013. These incidents continue to represent a significant threat to corporate brands.

Don’t Wait for Cyber Security Legislation that Affects Your Business — Not likely to pass, a data-breach bill has been re-introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen. Passage or not, businesses should act on their own. It’s the right thing to do. Here are four precautions to take for your business.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Protect Your Bank Accounts So You Can Sleep at Night — Imagine for a moment — you’re sitting at your desk enjoying a second cup of morning coffee. Then, your phone rings. It’s a call from your bank to discuss possible fraud. Your bank is concerned about possible suspicious activity with your accounts, and wants to make sure you’re not a victim.

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-Richard Clarke


 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.




Photo courtesy of imagerymajestic at www.freedigitalphotos.net


Seattle business consultant Terry Corbell provides high-performance management services and strategies.