In the late 1980s when I was working for a landline company in the Midwest, we ordered some used 3380s. The previous owner had not cleaned their data from the volumes. After determining it wasn't our data, we initialized the volumes and started using them, but that data did escape the control of the previous owner.

Bob Longabaugh
Quality Assurance
CA Technologies Storage Management

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jousma, David
Sent: Friday, February 06, 2015 2:48 PM
To: [email protected]
Subject: Re: Anthem Healthcare Hacked

I'll be honest. I do not understand the need for encryption at the disk hardware control unit level. I get it for tape, if tape is being transported, or handled by humans. Seems like that would *only* protect data if the DASD box was being transported somewhere, or you threw the old disks away with data still on them. Any of those situations are clearly remediated by good procedures. Any access from within the datacenter is going to give you unencrypted data, right?

What is needed is dataset/file/record level encryption so that certain data can only be decrypted with the correct credentials. That may or may not have avoided the problem at Anthem, depending on the ID they were able to steal.

I am one of those affected by this breach. I know the news is reporting that the database had 84 million subscribers' data in it, but they are still ascertaining what data was actually read. But as one of the news media reported, 84M is almost 1/3 of the US population. I suspect we are going to see changes in the health care industry (and others) similar to what PCI did for financial institutions. The data stolen is much more damaging than bank accounts. Bank accounts can be closed/changed, etc. This will haunt me and my family for life.

_________________________________________________________________
Dave Jousma
Assistant Vice President, Mainframe Engineering
[email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H
p 616.653.8429
f 616.653.2717

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tony Harminc
Sent: Friday, February 06, 2015 3:34 PM
To: [email protected]
Subject: Re: Anthem Healthcare Hacked

On 6 February 2015 at 14:22, Tom Brennan <[email protected]> wrote:
> Maybe someone can tell me what difference it makes whether the data
> was encrypted on disk or not (as some news reports are talking about).
> I mean, if I do a SELECT * from an admin id I must be going through
> the decrypt process, right? So it makes little difference if the
> source data is encrypted I would think.

It depends on how the data is leaked, or "exfiltrated" to use a word we've heard rather too much of lately. If it's through the intended app or user interface to which the attacker has obtained credentials, then yes, it's probably all nicely decrypted and ready to go. But presumably any such app has controls on who can look at what data, and probably who -- even if authorized -- can look at how *much* data.

Otoh, if the data is leaked from e.g. a backup file or captured in transit, then encryption will probably keep it from being useful.

Tony H.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
