Though both events involved hacking, the 160,000 medical records stolen from UC Berkeley and the health care data of 8.3 million patients stolen from Virginia’s Department of Health Professions indicate a deeper issue—one that is often bypassed as we hurry toward bigger and better security through technological means. I’m referring to the importance of personal verses corporate information.

While the thieves hoped to benefit from their antics monetarily (the Virginia records are actually being held for ransom), that doesn’t answer the deeper question of why the thieves chose to steal medical records instead of stealing corporate information that was equally valuable but wouldn’t have harmed people in a personal way.

While we could chalk it up to these thieves being particularly evil or conniving, it could also be that the thieves knew that stealing such personal information would illicit more of a response from the media, the organizations they stole from, and the individuals who had their information stolen than if they had stolen corporate information that was considered valuable, but didn’t involve information that was damaging on a personal level.

Many of us currently base the importance of information on how much money it would cost to retrieve or fix if compromised, or how much time, money, and resources should be put into protecting it in the first place. However, attacks like the ones that recently occurred at UC Berkeley and the Virginia Department of Health Professionals should make us step back for a moment and ask ourselves if we’re prioritizing information in the right way.

While information gained from a corporate source can sometimes be damaging to individuals, it is often better protected and further removed than something as personal as medical records. To put it succinctly, which would you rather have stolen: Your credit card numbers, or your medical information? (Remember that medical information includes your SSN, birth date, etc.)

There’s no denying that it’s important to think about how our actions or potential attacks from less-than-stellar individuals would affect ourselves and the corporations we work for. But instead of always seeing things through the lens of the bottom line or the bottom dollar, maybe we should start putting the focus back where it belongs: On how it’s going to affect people, and how damaging that affect would be on them.

o     o     o     o     o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.