UCLA recently agreed to pay a penalty of $865,000 for a series of HIPPA violations and now they are forced to reveal that the theft of an external hard drive from a former employee’s home has created the fears of yet another security breach. Plus, UCLA is offering 16,288 patients credit and fraud protection services.
This was a remarkably silly and avoidable breach. According to the news reports, the information on the hard drive was encrypted, but the password necessary to unscramble the information was written on a piece of paper near the hard drive and cannot be located.
I continue to preach this about passwords; it is not necessarily that the passwords are insecure, rather it is how people manage them. And in this case, the password was managed quite stupidly. Unfortunately, this is all too common.