OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Utah guv fires tech director over health data breach, creates security czar

From: security curmudgeon (jerichoattrition.org)
Date: Thu May 17 2012 - 14:10:02 CDT


---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.sltrib.com/sltrib/news/54116598-78/health-data-information-state.html.csp

By Heather May
The Salt Lake Tribune
May 15 2012

Gov. Gary Herbert apologized to the 780,000 victims of the health data security
breach on Tuesday.

To restore the public?s trust, he announced Tuesday that he fired Department of
Technology Services director Stephen Fletcher and hired an ombudsman to
shepherd victims through the process of protecting their identities and credit.

"The people of Utah rightly believe that the government will protect them,
their families, and their personal data. When they interface with us that is in
fact our charge," Herbert said at an afternoon news conference, adding that one
of his family members was among those whose information was compromised.

"As a state government we have failed to honor that commitment," he said. "For
that, as your governor and as a Utahn, I am deeply sorry."

He said Fletcher was asked to resign, saying the director lacked "oversight and
leadership."

[...]

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.