{"id":30192,"date":"2022-10-21T15:25:59","date_gmt":"2022-10-21T19:25:59","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=509236"},"modified":"2022-10-25T09:58:45","modified_gmt":"2022-10-25T13:58:45","slug":"usb-stick-sold-in-yukon-pawn-shop-had-personal-data-from-health-ministry","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/usb-stick-sold-in-yukon-pawn-shop-had-personal-data-from-health-ministry\/","title":{"rendered":"USB stick sold in Yukon pawn shop had personal data from Health ministry"},"content":{"rendered":"

As Cybersecurity Awareness Month draws to a close, a data breach in Yukon is a reminder there\u2019s a long way to go to make sure employees are cyber-aware in everything they do.<\/p>\n

A Whitehorse man who bought a USB stick at a pawn shop plugged it into a computer and found the drive contained confidential case files from the Health and Social Services department of the territory\u2019s government.<\/p>\n

The data include confidential case files from the family and children\u2019s services branch, including case assessments, reports, budgets, and personal contact information.<\/p>\n

This week, Health Minister Tracy-Anne McPhee said<\/a> the files were removed from the Health and Social Services system by a former employee, who had \u201cabandoned\u201d their belongings in a storage unit, the contents of which ended up being sold to a local pawn shop. She said the former employee was not authorized to take the information. Between 30 and 60 people were affected, she said.<\/p>\n

It\u2019s not uncommon for employees to copy sensitive corporate data to a removable drive, Theo Zafirakos, CISO of Terranova Security, a Laval, Que.-based security awareness training firm, said in an interview. Often employees do it so they can work from home or remotely.\u00a0 \u201cFor it to be lost and found by somebody else, it happens, but we don\u2019t hear about it as often,\u201d he said, \u201cperhaps because it may not be announced publicly.\u201d<\/p>\n

One of the most infamous incidents, he added, happened in the U.K. in 2017 when a USB stick found on a London street held security details<\/a> for Heathrow International Airport\u2014 including security measures and travel details for Queen Elizabeth.<\/p>\n

\u201cWe tend to blame technology,\u201d Zafirakos said, \u201cbut it\u2019s not technology, but how we use it that is often the trouble.\u201d Staff must be told they can\u2019t copy data onto removable drives, or if they have to, then the data must be encrypted or password-protected.<\/p>\n

Some IT departments block the ports of desktop computers with hardware or software so USB devices can\u2019t be plugged in. However, Zafirakos noted staff can get around that by emailing files to a personal email account.<\/p>\n

Another solution is the implementation of data loss prevention software, which inventories sensitive data and then detects how it is being used, including if it is being emailed or copied.<\/p>\n

It isn\u2019t clear when the data was copied to the USB stick. According to a news report, the Health ministry made changes to its case management system that were fully implemented last November.<\/p>\n

\u201cIf anybody wants to access that [information], they must access through a secure portal with a password and an identifier,\u201d a department spokesperson told the CBC. Information cannot be seen or removed from those systems without going through that process.<\/p>\n

\u201cIt could happen to anyone,\u201d Zafirakos said. \u201cIt doesn\u2019t mean one organization is less secure than another just because it happened to them. They were lucky \u2026 that the data did not fall into the wrong hands.\u201d<\/p>\n

The post USB stick sold in Yukon pawn shop had personal data from Health ministry<\/a> first appeared on IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Health minister says a former employee copied data onto USB key, then ‘abandoned’ with other belongings in a st<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[58,361,16],"tags":[425,695,391,396,393,275,696],"class_list":["post-30192","post","type-post","status-publish","format-standard","hentry","category-government-public-sector","category-privacy","category-security","tag-data-breach","tag-data-loss-prevention","tag-di","tag-postmedia","tag-security-strategies","tag-top-story","tag-yukon"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=30192"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30192\/revisions"}],"predecessor-version":[{"id":30222,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30192\/revisions\/30222"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=30192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=30192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=30192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}