Healthcare provider Aetna has agreed to pay $17 million as a settlement for a data breach that compromised the privacy of people taking preventative or diagnosed medication to treat HIV, a breach that could easily have been avoided.
While unrelated, Aetna’s settlement amount is about the same as the average total cost of cyber crime for a US company in 2016.
Ironically, the provider’s data breach had nothing to do with cyber criminals. People could see the first three lines of the letter through the clear window of the envelope and gather that the addressee was taking HIV medication, seriously compromising privacy laws.
The fact that data can be compromised in very low-tech ways was emphasized in a recent cyber security webinar conducted by attorney Robert Brownstone of Silicon Valley-based law firm Fenwick & West, LLP. “Companies invest heavily in IT software but forget to train their employees. Inadvertently harmful intentional disclosures are a big leakage risk,” he said.
Brownstone named a few behaviors to avoid in order to prevent low-level data breaches:
- Loose lips - People not watching what they are saying
- Blind copying people on emails
- Clicking ‘reply all’ on emails
- Bragging on social media
- Sock puppeting, a term for online identities used for purposes of deception