Stupid user tricks 3: IT admin follies

IT heroes toil away unsung in miserable conditions -- unsung, that is, until they make a colossally stupid mistake

Page 7 of 7

Stupid user trick No. 6: Paging Dr. Data Breach, please come to the IT morgue
Bringing down your fundamental means of protection simply to perform a data migration is one kind of stupid; forgetting to put it up again is monumental.

That's what admins from an IT firm called Verus did. And by "called" I mean "now out of business."

To transfer data from one server to another, the admins disabled the firewall, then left it disabled, potentially exposing the personal financial details of more than 91,000 patients of at least five hospitals nationwide to anyone who happened by.

[ Boneheads mishandling your sensitive data is only one of the "Top 10 reasons to be paranoid" ]

The five hospitals -- three in the Pacific Northwest, one in Indiana, and one in New Hampshire -- reported that the problems originated from the Verus-operated bill-paying service each hospital used. The earliest breach was announced in late May 2007, the latest in late July.

The affected hospitals, which may have numbered as many as 60 in total, cancelled their contracts with Verus as soon as the breaches were discovered. By August, Verus was out of business.

Initially, the incidents were each thought to have been isolated. The true scale of the goof was not known until Medseek took over the Verus contracts at many of the affected hospitals, a Medseek executive explained.

Fallout: According to published reports, there has been no criminal misuse of the data since the screwup. Verus, of course, paid the price for its idiocy with its corporate life. The company was mothballed so fast, nobody knew what happened.

Moral: If you disable your network's fundamental protection measures just to migrate data from one server to another, you're doing it wrong. And for Pete's sake, if you're going to turn off the corporate firewall for any reason, be sure to turn it back on again.

[ Stupid user tricks home ]

Related articles
Stupid user tricks: Eleven IT horror stories
A long-suffering consultant and InfoWorld contributor recounts his tales of user catastrophe and lessons learned -- and shares astounding stories from readers, too
More stupider user tricks: IT horror stories redux
Idiot-proof your enterprise with these 10 hard-luck lessons of boneheaded IT miscues
Stupid hacker tricks
Looking to enter a life of cybercrime? Beware the boneheaded miscues of these infamous cyberschnooks
Stupid hacker tricks, part two: The folly of youth
Tech-savvy delinquents set the Net aflame with boneheaded exploits that earn them the wrong kind of fame
How to think like an online con artist
An enterprise is only as secure as the weakest human link. Here's how to use social engineering to test security defenses
Top 10 reasons to be paranoid
Every bit of your virtual existence is being monitored -- get scared accordingly
The 7 dirtiest jobs in IT
Somebody's got to do them -- and hopefully that somebody isn't you
Test your geek IQ
If you truly want to know how smart you are when it counts, then InfoWorld's Geek IQ test is the puzzler for you
Test your network security IQ
So you think you know something about security? Not so fast, smart guy. We've got a hunch you might not know as much as you think
Test your tech celebrity IQ
Match your tech-fame wits against our dirt-filled industry-insider quiz

| 1 2 3 4 5 6 7 Page 7