Data liquidity is not always such a good thing, particularly if you live in New Jersey.
Last week it was reported that a laptop with over 300,000 consumer records contained therein was stolen. Now, Horizon Blue Cross/Blue Shield of New Jersey, the owner of that laptop, is notifying these consumers that their personal information may have been compromised.
Laptops are a hot item and frequently stolen, we all know this and certainly try to safeguard our laptops while traveling. What I fail to understand with this story however, is how any company, be they provider, health plan, employer, etc., would allow an employee to load such sensitive information (and so much of it) onto a laptop and then proceed to take it outside the office.
Sure, many employees are now telecommuting and may come into the office on occasion and pick up some files. Others simply take work home with them to meet a deadline. We all do this. But carrying this amount of sensitive information outside a secure office environment, I just don’t get it, particularly with the tools now available that allow an employee to easily and securely access such files over the Web via a secure connection. If such tools were available at Horizon, and the policies to enforce their use, there would have been no reason for these records to be on a laptop in the first place.
The only conclusion I can come up with is simply a lack of foresight and good security policies at Horizon. Senior Horizon management, and in particular the CIO are on the the hook for this one.