Global security and safe data advocates have warned governments and organizations of cyber attacks that are meant to access and steal their web databases and urged them to build strong encryptions to make sure that their systems are safe and data breach is unavoidable.
However, one thing about data handling has been overlooked over the few years. As the sophistication of tech-based attack increase, many governments and organization have focused their attention on online data security.
They forgot about their offline data – printed information and written forms. They overlooked the possibility of a data breach in offline systems.
Just like what happened recently in New Zealand when the wind blew out papers including personal patient history data. No hackers, no phishing emails, but patients’ data are at risk of being stolen by criminally intent individuals.
Canterbury and West Coast District Health Board have been alerted when some of the documents were picked up by a passerby in Hornby, a suburb five miles outside Christchurch after the Board said that an employee mislaid printed papers and they were ‘blown away in a gust of wind.’
According to a report by Stuff, about 40 pages were lost during the incident that includes the names and health numbers of around 300 individuals. Detailed clinical notes of another 15 people are also blown away.
At the time of reporting, Stuff said that only six pages were recovered by the authorities and the rest of the lost documents are still ‘in the wind.’
A Health Board Spokesperson said: “as time passes it seems more likely that these misplaced documents have been picked up by someone and destroyed.”
The Forbes reported that it is challenging to safeguard contents of printed or written records especially when they are exposed in a public space. They can be destroyed by fire and water, photographed by the media and other people, and apparently, can be blown by winds.
During the press briefing by Secretary of the Treasury, Steven Munchin last January 28 to announce the new sanctions imposed by the US against Venezuela’s oil industry, a significant data was captured by the camera of the press.
The press briefing was attended by National Security Advisor John Bolton who after a brief statement, left the podium clutching a yellow notepad. In it, he wrote the words ‘5,000 troops to Colombia’ that was exposed to the public after the official held the notebook to his chest.
Both of these data leaks are unintentional, but there are several cases of intentional data breach done not by hackers or data phishers.
On late February of 2019, Mikhy Farrera – Brochez was charged by the United States for leaking the names, identity numbers, and addresses of HIV patients in Singapore.
According to the Health Ministry of Singapore, Farrera-Brochez, angered by his deportation, had disclosed the personal information from names and identity numbers to addresses, of 5,400 citizens diagnosed with HIV up to January 2013, and of 8,800 foreigners diagnosed up to December 2011, on his Facebook account.
“The criminal complaint alleges that Farrera-Brochez illegally possessed and intended to distribute data containing sensitive medical and other identifying information,” the U.S. Attorney’s office of the eastern district of Kentucky said in an interview.
“While living in the eastern district of Kentucky, Farrera-Brochez sent links to the data from his e-mail account to several news outlets. He also sent e-mails to several government officials in Singapore containing links,” it said in a statement on its website.
As required by Singaporean law, everyone’s HIV status should be declared and should be added to a national database. The HIV registry was established in 1985 by the Ministry of Health to keep track of the infection situation and trace potential cases. The database includes personal information, names, and addresses of more than 14,200 people.
According to Forbes, there are different ways that criminals can use data that are leaked through either intentional or unintentional data breach.
They wrote: “Personal data like this is a significant score for cybercriminals who will likely look to capitalize on it any way they can. One of those ways is by selling off bits like SSNs and drivers’ licenses — which can fetch as much as $20 apiece, according to Patrick Tiquet, Director of Security & Architecture at Keeper Security. And even though Social Security numbers sell for just 1/20th that price, multiply that by 143 million and the attackers could be looking at a major payday.
“Another way they may try to profit is by launching targeted phishing campaigns. Noted security researcher Kenneth White believes that “Based on the disclosure, the impact of this could be as far-reaching as the OPM breach.” The OPM — Office of Personnel Management — fell victim to a hack in June of 2015. Months later, ransomware criminals used the 22 million stolen email addresses to launch a large-scale attack.” /apr