Lessons Learned
- Date: 15 June 2010
- Author: broyer
- Category: Encryption, HITECH, Online Backup
Maybe you can learn from adversity after all. My March 4, 2010 blog post concerning the massive data breach from a BlueCross BlueShield training center located in Tennessee, where more than 500,000 subscribers were put at risk of identity theft following the theft of 57 unencrypted hard drives, now has a coda.
In its wake, which has already cost the insurer at least $7 million, the Tennessee plan has just published its “lessons learned,” which it wants to share with other organizations, especially those sensitized to data breaches by the HITECH breach notification requirements.
These include:
- Adding a layer of physical security to protect servers is a prudent step.
- Encryption should be applied widely, including on servers.
- Appointing a chief security officer helps to ensure coordination of all security efforts.
- Organizations should carefully assess how long to store information.
- In preparing a breach notification plan, be sure to prepare a pre-selected list of vendors that can help with various tasks.
- Train customer service representatives to deal with breach-related questions from the public.
- Communicate frequent updates on breach investigations through the media and a Web site.
These aren’t just takeaways for BlueCross BlueShield. They’re also meaningful outcomes for any business where securing customer data is job one.