Data breaches are becoming a fact of life for almost any organization that collects and maintains large amounts of information on consumers or clients. In fact, a recent incident suffered by the state of Indiana shows how easy it can be for these exposures to take place, and could illustrate just how important it is for small companies to have tech insurance to protect themselves in the event that such an issue arises for them.
The Indiana Family and Social Services Administration recently revealed that the personal, medical, financial and even employment data for more than 187,000 people was exposed in a massive data breach that came as a result of a simple computer programming error, according to a report from Government Health IT News. Included in the exposure were nearly 4,000 people who may have had their Social Security numbers – the most difficult piece of data to protect once it has been compromised – exposed in the breach.
“We at RCR Technology Corporation apologize that our actions may have caused some FSSA client information to be disclosed in error,” said Robert Reed, president of RCR Technology Corporation, according to the site. “We will do everything possible to prevent such an incident from happening again in the future.”
The incident occurred when the agency’s contractor – RCR Technology Corporation – made the programming mistake on a document management system it supports, which in turn led to documents being duplicated when they were sent to some clients, and then sent to other clients that did not have authorization or a reason to view it. Information compromised in the incident included consumers’ names, addresses, dates of birth, demographic data, and other contact information. In addition, financial details including their monthly income and expenditures, bank balances and other assets they have was included on these documents, as was medical information including their conditions, care providers and medical conditions. Finally, information about other people in the victims’ households including their names, genders and dates of birth were included.
The programming error was first made on April 6, and was not identified and fixed until May 21, after having been discovered on May 10, the report said. The agency only began notifying victims of the breach at the end of June, and announced the incident on July 1. However, it should be noted that the FSSA also suffered a data breach last year, which exposed health data of 757 people. As a consequence of the latest incident, the agency will extend all victims the ability to enroll in a 90-day fraud alert, though the industry standard is usually something along the lines of one year’s worth of protection.
What does this potential lesson mean for small businesses?
When government agencies suffer data breaches it is very common to see protection services offered, but these may be extremely difficult for independent companies to afford, especially when taken in addition to whatever other remediation costs they may face on their end. Often, the price for dealing with all issues appropriately and according to industry standards can stretch into the hundreds of thousands of dollars or potentially even more than that, and most small businesses simply cannot afford that.
This is why it’s important that small business insurance policies including tech insurance be taken on by these companies. They will help to significantly reduce the costs of dealing with data breaches when and if they happen, which in turn could serve to significantly undermine a company’s ability to grow, or altogether ruin its finances.