Slashdot Mirror

← Back to Stories (view on slashdot.org)

Medical Data on 365,000 Patients Stolen

Posted by CowboyNeal on from the bandwidth-and-station-wagons dept.

Anonymous writes "Backup tapes and disks with data on 365,000 patients were stolen out of the car of a worker at a healthcare company in Portland. According to this Computerworld story, the tapes were in his car because he took them home as part of a disaster recovery plan, to protect the information from fire and other on-site disasters. D'oh!"

4 of 226 comments (clear)

  1. Is it really theft? by rolfwind · · Score: 4, Interesting
    The incident is the second data theft from a motor vehicle announced this week. Yesterday, Minneapolis-based financial services company Ameriprise Financial Inc. said it is notifying some 158,000 customers and 68,000 financial advisers that a laptop containing personal information about them -- including names, account numbers or Social Security numbers -- was stolen from a parked car late last month (see "Ameriprise notifying 226,000 customers, advisers of data theft").


    I can see hard disks being stolen..... but not tapes in the one case. Thieves like to take items with obvious value. Am I missing something here? Isn't it possible the workers simply sold the data?
  2. Partially encrypted by krray · · Score: 4, Interesting

    At least the tapes were encrypted (not the disks in this incident). Even though this case doesn't affect me this was the first question that (always) pops in my head.

    For much the same reasons cited here our company backups are taken offsite (daily) -- only difference is that instead of tapes and disks we found that for speed, volume, and cost it was better to go with external hard drives (I figured this out almost ten years ago myself :).

    Even though we are a small organization (under a few hundred employees) the data is encrypted. That was step one and one of the most important IMHO. The average Joe who finds / steals any of our external drives (which has never happened thankfully) would be hard pressed to even figure out the filesystem (Ext3). Not that that would really slow down anybody who knows what they're doing -- nor was it done for security (I just like / trust Linux :).

    Of course I can think of other problem areas where data is flying around unencrypted and sensitive. The Department of Employment Security (which many states all report to for and through payroll to track dead beat dads) takes their data with your social security number in a plain ASCII text file sent through the US mail on a floppy. What happens when you lose a floppy, or what do they do with the processed disks?

    Fortunately and unfortunately we need and there will be laws requiring any such sensitive information to be encrypted for "National Security" (Big Brother [tm]) reasons. It's only a matter of time. It is unfortunate that it will take a law and more bureaucratic BS to make this happen, it is fortunate for all our privacy and the fact someone has to program this (more work for me :).

  3. I Live In Fear of This by good+soldier+svejk · · Score: 4, Interesting

    I also work at a healthcare provider adn deal with this exposure every day. Normal backups provides us no disaster recovery value because our recover point objective is measured in minutes. Tape simply can't meet it. Likewise if we were to attempt to restore the entire operation from tape it would take months. Just acquiring hardware would take weeks. But our recovery time objective is forty-eight hours. Basically, if we go longer than that we are out of business. So long term, our DR strategy is based on storage and app level replication between data centers. But as it stands, we only have one site. Consequently we send our backups offsite, essentially as a placebo. But it gets better. We don't have the drive resources to duplicate tape, so we send the originals offsite. That means that if we need to do a restore we must wait an hour for someone to retrieve the tape and reinject it into our library.

    Let's review here: we have a fake DR strategy which adds an hour to every file restore and exposes us to data theft. Sounds good huh? I have repeatedly told our brass it would be better to do nothing, but their position is "We don't want to tell the newspapers we had no DR strategy when the disaster strikes."

    How do we remediate this? Well, we could encrypt the tape but that is a big pain in the ass and has its own disadvantages. Really, the answer is to get off our ass and build a DR data center so the potentially deadly placebo goes away.

    --
    It is cowardly, and a betrayal of whatever it means to be a Jew, to act as a white man

    -James Baldwin
  4. Re:My take... by shilly · · Score: 4, Interesting

    I'm surprised you don't think there is any real risk attached to the leaking of medical records. The risks are real and there are documented instances of their occurrences of failures with severe consequences. These include the IRA penetrating the medical records system at the Royal Victoria Hospital in Belfast to target police officers; a bank manager on the board of a US hospital finding out which of his customers had cancer and foreclosing the loans; and US insurers have disclosed health information about customers to lenders and employers without permission.

    Many people are vulnerable to blackmail about sensitive aspects of their medical records, including--but hardly limited to--sexual and mental health. Similarly, people may avoid seeking medical advice for such conditions if they fear that they cannot speak in confidence. And large networked databases simultaneously increase the value of the data to malicious users (more chance of finding something interesting) and the opportunities for access.

    Of course, the major threats are all internal, not external -- malicious insiders.