1. Home
  2. General Telecommunications Forum
  3. Fallon: stolen computer had members' information

Fallon: stolen computer had members' information

formatting link
Fallon: stolen computer had members' information January 24, 2008 05:43 PM

Fallon Community Health Plan said a laptop computer was stolen containing personal information for all the members of its Fallon Senior Medicare Advantage and Summit ElderCare plans. The computer contained claims data for about 30,000 people, or about 15 percent of Fallon's overall membership.

The insurer said the computer belonged to a third-party vendor in Boston, which it declined to identify, and was stolen from that firm's offices.

Fallon is offering free credit monitoring -- which would alert members or their families to any unusual activity in their financial accounts -- to anyone whose personal information was stolen. Chief executive Eric H. Schultz said Fallon is working with law enforcement officials to recover the computer.

(By Jeffrey Krasner, Globe staff)

Reply to
Monty Solomon
Loading thread data ...

[Moderator Snip]

*Sigh* Why do people put these databases on laptops in the first place? For what possible purpose? Shouldn't that kind of data be on a server?

Reply to
mc

It's because sometimes you're doing work on developing a new tool or what have you and you need the dataset to make it work.

Of course when we did the corporate database where I formerly worked I wouldn't let them have actual data. I exported the table structures with no data in them and then populated it with dummy data.

Reply to
T

That is the only sensible approach. There ought to be huge penalties for anybody who puts actual identity theft data onto a laptop.

***** Moderator's Note *****

That's not always feasable: the prime directive of computer programming is the same as the prime law of medicine - "First, do no harm".

In order to make sure that program changes don't break existing code, a programmer _must_ test his changes against a "corpus" of existing data, in order to find the (sometimes subtle) interactions which plague old "spaghetti code" programs and break them in hard-to-find ways at the worst possible time.

In theory, it's possible to create a corpus of test data that accurately reflects the larger database. Theory and practice don't mix well in production environments, and there's never enough time to maintain test databases properly or to create new test cases for each program change.

Managers know that theft is a remote possibility, and their bosses ire at a missed deadline is real, in-your-face, and right now. They usually make the obvious choice.

Bill Horne Temporary Moderator

Reply to
1100GS_rider

That's where the legal penalties kick in, to provide the proper incentives to take care of private information.

***** Moderator's Note *****

That may be so, but bureaucracies don't work in a way that reinforce such events, so the end result is "no change". Bruce "Secrets and Lies" Schnier has pointed out repeatedly that security will only become routine when insurance companies impose it as a condition of underwriting the associated risks. I agree.

YMMV.

Bill Horne Temporary Moderator

Reply to
1100GS_rider

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.