October 2nd, 2020
Welcome back readers to another installment of the cyber attack of the week series here at CPG. As we welcome the fall weather, spooky season is now among us.
Many are currently planning fall activities like Halloween parties and trick or treating here in the US. Further, with Halloween right around the corner, what will the scariest costume be this year?
A ghost? Jason from Friday the 13th? Carole Baskin from Tiger King? No, not quite…
Government officials of all ranks may just take the cake. In the response to the COVID-19 pandemic, many disagree with choices of those elected to govern.
To elaborate, in one specific scenario, a governor from Minnesota is in the spotlight recently for an executive order he signed in regard to COVID-19. Let’s take a look.
To begin, we’re examining recent events in Minnesota regarding COVID-19 patients and their privacy.
Back in April, Minnesota governor, Tim Walz signed an executive order in regards to COVID-19 patients. This order allows the Minnesota Department of Health and Department of Public Safety to share addresses of COVID-19 patients with first responders.
The goal of this order is to keep the health and wellness of those infected with the virus safe and accessible in a time of emergency.
Further, due to the sensitive nature of such data, the governor also imposed strict guidelines and protocols to protect the information of the patients.
Sources confirm that when the addresses are sent between dispatchers and 911 services, the information is sent via encrypted emails.
While I’m sure that keeping this private information is the goal, witnesses have come forth with statements that prove that it was not the case.
Continuing on, sources and witnesses are now confirming that they indeed received the so-called private information.
According to KSTP News in Minnesota, they received documentation and evidence regarding the issue.
But 5 EYEWITNESS NEWS obtained internal city and state documents which show there have been numerous times, starting in August, where those protocols were not followed and the privacy of addresses of COVID-19 patients was compromised.
Further, other officials within the state came forward with statements regarding the issue, and the severity of the leak.
After the initial statements regarding the leak came about, other governing officials pointed fingers within the government, for carelessness and lack of concern.
Next Steps for Recovery
All in all, after initial remarks and discussions over the issue, the state is taking steps to fix the problem. For one, the notification of COVID-19 patients is on pause until the security issues do not present a threat.
Also, government officials are now recommending an internal security audit as well as an external audit.
Once again, a scenario like this proves that proactive security protocols are important for service that stores sensitive information.
Further, services like penetration testing and security audits are what could have prevented a scenario like the one in Minnesota.
Hopefully, the state’s government learns from this somewhat smaller incident. And, will take the lesson and use it to form security policy and procedure.
By Taylor Ritchey