Sunday, April 13, 2008

WellCare Data Breach...

I haven't spoken with anyone at work about this but I was aware of the event before going on vacation. I did not know any of the particulars, only that it involved Georgia in some way.

I believe everyone works hard to safeguard patient data. The short term drawback is that it will make everyone's life that much more difficult, the long term good will be a better process (I hope).


Anonymous said...

I am going to post anonymous for a reason. My company had a Data breach that was in the news almost a year ago.

I think the first thing to decide is where and how did it occur? Oracle has technologies to help protect data. There is transparent data encryption and dbms_crypto. There is Oracle VPD and Label Security. There is Oracle Database Vault.

Auditing helps you find if a trail happened after the fact unless people are actually looking at the audit data but even that isn't a precursor.

I say it's better to be safe then sorry. If any employee sees a way that data could be improperly accessed, they should bring it to the attention of management or a separate security/auditing group so that it can be handled. Better yet, offer solutions that would close the gap.

oraclenerd said...

I don't believe the architects are interested in anything specific to Oracle except for our Data Warehouse and our main application's database.

To use products like those you mentioned is anathema to their thinking. It's all open source baby!

I believe our web team uses mostly Ruby on Rails on top of MySQL, I could be wrong though.