- Georgia WellCare Data Exposed
- Insurance records of 71000 Ga. families made public
- Georgia: 71,000 private records publicized
- Georgia Patients’ Records Exposed on Web for Weeks
- WellCare Flubs Data Privacy for 10,000 Georgians
I haven't spoken with anyone at work about this but I was aware of the event before going on vacation. I did not know any of the particulars, only that it involved Georgia in some way.
I believe everyone works hard to safeguard patient data. The short term drawback is that it will make everyone's life that much more difficult, the long term good will be a better process (I hope).
I am going to post anonymous for a reason. My company had a Data breach that was in the news almost a year ago.
ReplyDeleteI think the first thing to decide is where and how did it occur? Oracle has technologies to help protect data. There is transparent data encryption and dbms_crypto. There is Oracle VPD and Label Security. There is Oracle Database Vault.
Auditing helps you find if a trail happened after the fact unless people are actually looking at the audit data but even that isn't a precursor.
I say it's better to be safe then sorry. If any employee sees a way that data could be improperly accessed, they should bring it to the attention of management or a separate security/auditing group so that it can be handled. Better yet, offer solutions that would close the gap.
I don't believe the architects are interested in anything specific to Oracle except for our Data Warehouse and our main application's database.
ReplyDeleteTo use products like those you mentioned is anathema to their thinking. It's all open source baby!
I believe our web team uses mostly Ruby on Rails on top of MySQL, I could be wrong though.