<html>
<body>
<font size=3>I'm afraid we may be seeing the tip of a new trend. When a
company realizes its been breached, they merely hire an independent
investigator to say they weren't, and buy a lot of insurance to cover it.
If the incident "hasn't happened" then they should be able to
still get enough insurance to CYA. In any case, I expect to see
admissions mitigated a lot more frequently by similar dealings.<br>
Lie, CYA, and hope nothing comes of it. The majority apparently don't, so
its a gamble for them with odds on their side. Perhaps...<br>
Noting less should be expected from corporations who if they gave a damn
would of secured it properly in the first place. Its just more corporate
slight-of-hand.<br>
Grrr....<br><br>
<br><br>
At 14:13 2/8/2007, Dissent wrote:<br>
<blockquote type=cite class=cite cite="">In August 2006, DL reported that
Vassar Brothers Medical Center had <br>
reported a stolen laptop containing PII on almost 260k patients.<br>
Original story:
<a href="http://attrition.org/dataloss/2006/08/vbmc01.html" eudora="autourl">
http://attrition.org/dataloss/2006/08/vbmc01.html</a><br><br>
Vassar Brothers issued two letters to patients following that
breach:<br>
<a href="http://www.poughkeepsiejournal.com/assets/pdf/BK3538482.PDF" eudora="autourl">
http://www.poughkeepsiejournal.com/assets/pdf/BK3538482.PDF</a><br>
<a href="http://www.poughkeepsiejournal.com/assets/pdf/BK6060427.PDF" eudora="autourl">
http://www.poughkeepsiejournal.com/assets/pdf/BK6060427.PDF</a><br><br>
Subsequently, Vassar Brothers retained Kroll to investigate the theft
<br>
and missing data. They then issued a press release saying that
based <br>
on Kroll's investigation of network server logs, the stolen laptop <br>
did not contain any identifying patient information.<br><br>
The Poughkeepsie Journal has been all over this breach and just <br>
published two more articles today, which dispute some of VBMC's <br>
reported statements:<br><br>
Official: Data installed as part of drills<br>
<a href="http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070208/BUSINESS/70207069/1003" eudora="autourl">
http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070208/BUSINESS/70207069/1003</a>
<br><br>
and:<br><br>
Documents show patient data on stolen laptop<br>
<a href="http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070208/BUSINESS/70207079" eudora="autourl">
http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070208/BUSINESS/70207079</a>
<br><br>
<br><br>
<br>
--<br>
Main site:
<a href="http://www.pogowasright.org/" eudora="autourl">
http://www.pogowasright.org</a><br>
Main RSS feed:
<a href="http://www.pogowasright.org/backend/pogowasright.rss" eudora="autourl">
http://www.pogowasright.org/backend/pogowasright.rss</a><br>
Breaches RSS feed:
<a href="http://www.pogowasright.org/backend/breaches.rss" eudora="autourl">
http://www.pogowasright.org/backend/breaches.rss</a> <br><br>
_______________________________________________<br>
Dataloss Mailing List (dataloss@attrition.org)<br>
<a href="http://attrition.org/dataloss" eudora="autourl">
http://attrition.org/dataloss</a><br>
Tracking more than 146 million compromised records in 566 incidents over
7 years.</font></blockquote></body>
</html>