It was only a month ago since I wrote that a bungling Pfizer manager gave her Pfizer computer password to her spouse. He loaded a file sharing program on the laptop, which then passed on detailed information, including social security numbers for 17,000 Pfizer employees, to cyber crooks. And now this has happened again.
The Day reports that two Pfizer computers disappeared from a car on May 31 in Boston. The data on those computers included the names, addresses, social security numbers and cell phone numbers of health-care professionals who “were providing or considering providing contract services for Pfizer.”
It took Pfizer six weeks to notify its employees of the first breach. Many were furious, because sales reps receive FedEx packages with promotional material every week, but for this emergency Pfizer resorted to snail mail delivery. This second time, according to the attached letter, it took about seven weeks to notify affected individuals, based on the date on the cover letter addressed to them.
And here's the next strange twist.
Connecticut Attorney General Blumenthal was notified just recently, according to the Day, in spite of the fact that the letter to him was dated July 20. The attached, faxed, letter at the top contains two date stamps, both from August 13 (see page 6). It is unclear if it took this long for the Attorney General's office to receive the letter.
Blumenthal told the Day, “I am deeply disturbed and troubled by these continuing security problems with information that should be closely safeguarded. “This kind of information should be treated as if it was cash because it has the same value as cash to someone who might misuse it.”
The good news? Even if the data was not encrypted, the computers were password protected.
- Peter Rost, M.D. is a former VP of Pfizer and the author of Killer Drug and The Whistleblower.
Comments