Tuesday, April 10, 2012

Utah Breach Shows Vulnerability of Health Records - NYTimes.com

The same week that I am reading about the NSA building a big facility in Utah, there's a data breach in Utah...
"Eastern European hackers have stolen personal records for 780,000 people in the breach of a computer server in Utah... Hackers were able to breach the servers by exploiting a technician’s weak password."
According to the article, this is definitely a hack that could have been avoided if the proper procedures for configuring the server had been followed. Personally, I'd go further: remove the reliance on manual procedures and eliminate weak passwords through the use of a privileged account management product like Quest One Privileged Password Manager. Why bother leaving this to manual procedures that may be "forgotten," as happened in this case?

Privileged Password Manager ensures that when administrators require elevated access, that access is granted according to established policy and with appropriate approvals, that all actions are fully audited and tracked, and that the password is changed immediately upon its return. It’s a secure, compliant and efficient solution to the age-old “keys to the kingdom” problem. Privileged Password Manager is deployed on a secure, hardened appliance.