The Finch Formerly Known As Gold

11 February 2005

Low-tech hacking

Our esteemed health-insurance provider, CFI Care (not its real initials), has been pestering me for weeks to sign up for some third-party "disease-management program," and their HQ in deepest [location redacted] calls about three times every two weeks. When I don't respond, CFI sends a letter to scold me, then the cycle repeats.

I was expecting the regular scolding in this week's mail, but instead got a security advisory. It seems that the aforementioned third party had had a security breach which may have jeopardized my personal information, had I bothered to send them any. The nature of this breach?

[A]n unauthorized person accessed secured office space in [firm name redacted] headquarters and stole a computer from an employee's desktop.

No Trojans, no keystroke recorders, no secret mirrors in Estonia: some guy just went in and hoisted a PC off someone's desk.

Yeah, I want these people to have all my medical records at their disposal, don't I?

Posted at 8:56 PM to PEBKAC

Just think, if it wasn't for HIPAA, you probably would've never know about this.

Posted by: rita at 8:03 AM on 12 February 2005

Hmmm. Hadn't thought about that, but it seems plausible enough.

Posted by: CGHill at 9:20 AM on 12 February 2005

CFI Care??

Hah...I missed the joke the first time through.

Posted by: bleedingbrain at 5:02 PM on 15 February 2005