Security breach found at BCIT campus health clinic
This article reports a security breach at the B.C. Institute of Technology. The institute discovered that unauthorized personnel had accessed a computer server containing personal information of patients. The breach was found during the Institute's scheduled security audit by the Institute's Technology Services Department. After a thorough investigation, it appears the unauthorized access was only to download movies. 12,680 people had stored information on the server at the time of the attack. The institute vows to review its security processes.

In this article the Institute was clearly breached, but it appears the person who breached it did not know he was breaching it. I like this article because I feel that, while this company was breached, it also had good controls in place to quickly find out about the breach. The scary thing here is that the breach happened so easily, by someone who didn't even know they were doing it.

The article was extremely vague as to how the breach occurred. Assuming the person was an employee and did it by accident, the controls that should have been in place are password controls to lock the user out of the computer. Another control could be restricting access to certain computers based on a job code. This would have stopped the unauthorized personnel from accessing a server to download movies. The control could have locked the person out of the system. Lack of physical access to the computer could have also prevented the breach. If the computer was secured in an office which required additional access credentials, the personnel probably would have had a much harder time accessing the computer. This may include swipe key access, fingerprint access or photo identification access. While the Institute mentions it is being audited, it could beef up the auditing and double the number of audits.

40/40