Posted July. 22, 2008 09:07,
A government audit said yesterday that the National Health Insurance Corp. and the National Pension Service have poorly protected the personal information of their subscribers.
The main opposition Democratic Party yesterday released the results of audits on both organizations showing they failed to keep accurate records on whom and how many times subscriber information was accessed.
The results were announced by party lawmaker Chun Hyeon-hee.
The Health, Welfare and Family Affairs Ministry said in the report, After tracking down the search records on the personal information of 20 random well-known figures including celebrities, we found 11 employees of the health insurance corporation looked up personal information 31 times for non-work related purposes.
A pension official also looked up data on his friends son who ran away from home. Another official did so on an acquaintance with a common hobby to check something without due cause.
Both public firms had systems to automatically update all data on electronic access to subscriber information to prevent illegal searches. The system, however, did not record the number of searches for information, modification and deletions with a separate database access tool.
Furthermore, national health insurance employees had unrestricted access to a subscribers personal information as long as they entered a name without giving due cause.
Another troubling revelation was that the health insurance corporations security system including its IP control could be accessed without a password.
Things were not much different at the pension service, whose main internal server allowed access to uncertified users. Worse, the unencrypted password of the server administration could be easily hacked by an outsider, making the system a target for hackers to illegally enter the system or leak and manipulate information.