Two months ago we posted about the massive data breach at South Shore Hospital in Weymouth, Massachusetts, “800,000 Reasons Why MFT is Important“.

Well, the drama and the headaches continue.

What originally happened was that computer files containing personal information of about 800,000 people, information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits had been misplaced, possibly lost or maybe even stolen.

Aspirin worthy.

On September 8th, 2010 Wickedlocal.com reported that “South Shore Hospital initially informed the Attorney General’s Office and the public that it would send individual written notice of the data breach to each affected consumer.”

Aspirin worthy, but the legal and responsible thing to do…that is until a brilliant idea occurred:

However, South Shore Hospital has informed the Attorney General’s Office that it does not plan to send individual written notice to affected consumers. Instead, South Shore Hospital has chosen to invoke a provision under state law to notify consumers through the ‘substitute notice’ process, which means rather than receiving individual letters at their homes, consumers who are affected by the breach will be generally notified of the data loss through a posting on South Shore Hospital’s website, publication in newspapers throughout the Commonwealth, and by e-mail for those consumers for whom South Shore Hospital has e-mail addresses.”

So the move here is that to notify the people who’s data they lost, they’ll put that information in a place where everyone can see it. Isn’t that counter-intuitive? 

In a related story on Healthdatamanagement.com – Joseph Goedert reports that:

Massachusetts Attorney General Martha Coakley ‘has objected to South Shore Hospital’s revised notification plans and maintains that affected consumers should receive individual notification as originally represented by South Shore Hospital in its prior public announcements concerning the data loss,’ according to a statement from her office.”

What are your thoughts on how South Shore Hospital is handling this? Am I the only one reaching for the Anacin?

We are sorry for any concern we are causing anyone at this time.”

It’s pretty certain that those are 13 words that no CEO ever wants to have to say. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

Seems that some computer files containing the personal information of about 800,000 people might have been misplaced or possibly lost or maybe even stolen.

We’re talking about information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits … just to name a few pieces of personal information, you get the picture.

800,000 records. 800,000 reasons why Managed File Transfer is important. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

Seems that somewhere in the process of these 800,000 records being shipped to a contractor to be destroyed, and actually getting to the contractor to be destroyed they disappeared.

Boston.com has some information worth reading.

Forgive the obvious Ipswitch plug here, but c’mon, any one of these solutions could help any CEO avoid having to say those 13 words.

So, that’s today’s 800,000 reasons why MFT is important, and how to avoid those 13 words. As a special bonus for you, here’s 7 words you’d surely like to steer clear of:

We are still searching for those files.’’

Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

When interviewing job candidates, I’m always on the lookout for dedicated, motivated, passionate people that relish in rolling up their sleeves and doing whatever it takes to get the job done.  Why?  Because a little bit of chutzpah goes a long way towards being a successful and productive employee.

But can employees “going above and beyond” backfire and result in severe damage to a company?

Unfortunately, yes, they can.

In his guest blog post on LastWatchdog, Gary Shottes, President of Ipswitch File Transfer, describes an example of how hard-working employees are causing new security and legal liability implications that organizations need to carefully consider when deciding what tools to provide people with.

“Highly-motivated workers are willing to do whatever it takes to get the job done, with or without IT.  Employees, whose job requires them to send information to colleagues, partners, vendors or customers around the globe, have literally thousands of file transfer options.

If IT fails to provide employees with a fast and easy way to share information, they will take matters into their own hands, even if that means using technology that’s not sanctioned by IT. They may use a personal webmail account, smartphones, USB drive, or even transfer data via Facebook and LinkedIn.”

Combining that increasingly familiar scenario with some recent survey data indicating that over 80% of IT executives lack visibility into files moving both internally and externally drives home the scary point that there’s a big security hole in many companies…. And organizations need to be careful that employees can’t crawl through it, even if it’s with the best of intentions.

Fortunately, there are some great tools out there to arm employees with a quick, easy-to-use and secure way to share information with other people, both inside and outside the company — While at the same time provide the company with the critical visibility, management and enforcement it needs to protect sensitive and confidential information.  This is one situation where it makes a lot of sense to lead the horse to water & make it drink.

Have you heard about the Russian Spies that got busted recently for basically using for security what we get as prizes in our Boo Berry Cereal. Invisible ink pens? Really? What’s next? Dr. No using Mad Libs and carrier pigeons to transfer data? For you spies out there, let this be a lesson in security:

Russian Spy Ring Needed Some Serious IT Help” [from NetworkWorld]

”]

Word of today’s public announcement that Ipswitch has acquired MessageWay Solutions is already starting to spread, and fast.  Whether you’re an Ipswitch customer or employee, industry expert, or just learning about the Managed File Transfer space one thing is clear – The MFT industry is evolving and growing worldwide, both in strategic importance and pure volume.

We’ve seen greater emphasis on managing and controlling file processing behind the firewall…. And witnessed customers and prospects describing their need for an MFT solution that includes some B2B and EDI attributes.

Ipswitch’s acquisition of MessageWay creates the industry’s most powerful and complete suite of Managed File Transfer solutions with robust, highly scalable advanced file services that continues where MFT has traditionally left off – at the edge of the network.

[youtube]http://www.youtube.com/watch?v=U06p6axECSY[/youtube]

read more “Advancing MFT Solutions”

GT News, an association for financial professionals, just posted an article on managed file transfer titled “Data: Transferring the Burden Under PCI DSS” written Jonathan Lampe, VP of Product Management at Ipswitch.

“When evaluating for data security technology, a company should look at four categories: confidentiality, integrity, availability, and auditing. These headlines are designed to assist in assessing whether a data technology or process is likely to provide one-time compliance for the purposes of PCI DSS.”

This article is a very informative read for people living/coping with PCI DSS compliance and looking for a detailed application of MFT solutions to the 12 PCI DSS requirements.  It’s also a good read for people that simply want to know more about MFT and want to learn about Jonathan’s framework for evaluating data security technologies.

Ipswitch File Transfer is going (more) global. We’re thrilled to announce the expansion of our already successful Ipswitch FT Partner Program.  It now boasts a number of new benefits for our global partners, including a new Elite Partner Level and a deal registration program.

The Elite Level expansion was created for those partners looking for even greater association and support from Ipswitch File Transfer.  A new deal registration program has also been introduced, which will incent resellers with additional discount points for registering qualified net new sales opportunities on the FT Partner Portal.

read more “Going Global: Ipswitch File Transfer Expands Partner Program”

Tax season is behind us (at least for most of us) and we can all give a sigh of relief… but can we? This year, getting my taxes organized and handing them to my accountant seemed to be more difficult than usual. Fortunately for me, the Federal Government gave certain areas that were dealing with flooding a small extension that allowed me to find the time to pass my taxes into my accountant.

Once that task was completed, I was able to relax except for the fact I now had one day to get back into the accountant’s office and sign the documents for them to send to the IRS.

read more “Do People Realize What They Are Sending and the Risks Associated?”

Shocker!  So let me get this straight…. A leader in the B2B Gateway, MFT, and Integration Provider markets gets acquired and the leading analysts firms in the universe reduce it to an apps in the Cloud story????  SMH.  Let’s peel away just one layer of the onion… Just one layer, no analysis needed on this one.

Companies with investments in Connect:Direct and/ or Connect:Enterprise have to think long and hard about continuing their reliance on the NDM protocol.  We aren’t talking about just two or three companies, we are talking about thousands of financial, manufacturing, healthcare and telecomm companies.  So we need some advice on this one…

read more “Peeling the Sterling Onion”

In the automated file transfer world there are two general user experiences.

Workflow #1: Inbox/Outbox – When an end user (or application) signs on, it sees either one or two folders: an “inbox” where it can drop files and an “outbox” where he/she/it can pick them up.  Frequently when items are placed into the inbox they disappear into an internal system almost immediately.  Frequently when items are downloaded from the outbox they also disappear immediately.

A common variation on this is the combined inbox/outbox where any items visible to the end user are “outbox” items and end users simply upload new items, which do disappear immediately, to the same folder.

read more ““Inbox/Outbox” vs. Folders When Designing File Transfer Workflows”

A quick summary of key industry happenings:

A) The economic impact of piracy (including software) is *really* not understood: http://www.gao.gov/products/GAO-10-423. See pages 15 – 19 of the full report in particular.

I’ve always been skeptical of the piracy claims, good to see someone actually reviewed them. I think it is better for the industry to focus on the valued real customer rather than to fabricate and fret about the unknown and unquantifiable pirate customer.

read more “HTML 5, Memristors and Software Piracy”

I spent the day today at the CompuCom vendor fair in Dallas, TX.  CompuCom is one of Ipswitch’s sales channel partners, and the purpose of attending today’s event was to talk about Ipswitch File Transfer solutions with CompuCom’s team of account managers and sales representatives.

Today’s goal was to raise awareness, education level and excitement about  Ipswitch File Transfer solutions among CompuCom’s 130 or so software sales associates so that they, in turn, will proactively pitch our solutions to their accounts and ultimately close more deals.

I walk away having had dozens of conversations that align with our focus of solving real business problems.   The days of selling “feature feature feature” are over.  In past years, literally thousands of sales centered on a laundry list of features such as 256-bit AES encryption, FTPS, SHA-512 file integrity and administrative separation of duties.  Today, a large (and growing) number of sales conversations center on higher-level topics such as policy enforcement, risk mitigation, visibility into all internal and external file interactions, and how to give end users a simple and secure way to quickly transfer files with other people.

It was definitely a very worthwhile event to participate in and I believe that we successfully raised mindshare and interest level in our portfolio of secure managed file transfer solutions within CompuCom.  And it’s always nice to see some x-large belt buckles while hearing a few success stories from sales reps about how they recently closed some juicy deals.