by Paul Rubell
One matter that is scarcely discussed in the realm of data breaches is the lengthy passage of time from crime to discovery.
In this latest incident in Washington, the hacking happened between the fall of 2012 and February 2013. After so many months, damage cannot be mitigated. What is the good of breach notification when the thieves are long gone, with personally identifiable information and money in hand? A stolen car may be recovered if the police are called soon after the theft, but once the car has been to the chop shop, late notification is but a formality. Yes, the criminals can be apprehended, but the damage they caused is a fait accompli that cannot be undone.
When a data breach is discovered promptly after the crime, notification is meaningful; those people whose records have been compromised can take steps to protect their credit cards and bank accounts. But once their property has been looted, notification is little more than upsetting news.
The migration of data to the cloud is one of the primary reasons why data has become so susceptible to attack. The “information highway” has lived up to its name, giving foreign countries and domestic criminals an easy way to drive up to computer servers and withdraw data as if from an ATM.
Distributed computing has made the delivery of information little more than a utility, like the electric grid. In Washington and elsewhere, case management information is easily accessible via mobile devices and computers alike. The federal and most state courts mandate that documents be filed electronically, and that case information be accessed in the same way.
Similarly, the mandate of electronic medical records has put private healthcare information at risk. The admirable goal of making EMR accessible to patients, providers, pharmacies, and insurers makes personal health information vulnerable at the same time.