Friday, June 28, 2013

Here Is Another Wrinkle In The Search For Information Security. Securing USB Sticks.

This popped up a few days ago.

Poor USB security puts info for 6 million Medicare beneficiaries at risk

June 19, 2013 | By Dan Bowman
A Medicare contractor's failure to adequately implement security controls over USB devices put sensitive information for more than six million Medicare beneficiaries at risk, according to a report published this month by the U.S. Department of Health & Human Services Office of Inspector General.
The contractor--Columbia, Md.-based Quality Software Services, Inc.--is responsible for independent testing services for changes to Medicare Part A and B "Fee-for-Service" standard systems. OIG found that QSSI did not list "essential system services or ports" in its security plan, nor did it disable, prohibit or restrict use of unauthorized USB device access. According to the report, QSSI failed to implement USB security controls "because its management had not updated its USB control policies and procedures."
"As a result … the PII of over six million Medicare beneficiaries was at greater risk from malware, inappropriate access, or theft," the report added.
More here:
One of those little warnings that are always worth re-iterating. Those USB sticks need to be used with great care when moving sensitive information.
If you have not considered the issue here is a great deal of extra information
Worth being aware of.
David.

No comments: