What is it about education and healthcare that makes them the two industries comprising the vast majority of data breach incidents? Are there just more of them? Are they more valuable targets because of the data they contain? Or, do they simply not understand the importance of data security or how to implement it?
The City College of New York sent letters to about 7,000 students, notifying them that a stolen computer contained sensitive information and that their personal details–including name and Social Security number–might be compromised. The computer was password protected, but for an attacker with half a clue that poses only a trivial roadblock to gaining access.
Obviously, organizations–including education and healthcare institutions–need to store data of a private or sensitive nature, but that data should be properly safeguarded to ensure it can not be compromised or accessed by unauthorized users even if the computer or drive it is stored on is lost or stolen. Someday, maybe these organizations will learn that it is more cost-effective to implement appropriate security measures proactively than it is to deal with the fallout of a data breach.