Slashdot Mirror
Medical Data on 365,000 Patients Stolen
Anonymous writes "Backup tapes and disks with data on 365,000 patients were stolen out of the car of a worker at a healthcare company in Portland. According to this Computerworld story, the tapes were in his car because he took them home as part of a disaster recovery plan, to protect the information from fire and other on-site disasters. D'oh!"
They still have the originals, so they can make a new set of backups!
do they have a recovery plan for this disaster?
The higher the technology, the sharper that two-edged sword.
"But we know the data's safe! We just have no idea where the hell it is."
From TFA:
;)
The data on the tapes was encrypted, Walker said. The data on the disks was in a proprietary file format that was not encrypted, but "is stored in a way that would make it difficult, if not impossible, for someone to access it, then make any sense out of it," he said.
So not as bad as the summary seemed to indicate, but still not the greatest thing to have happen.
Especially if that proprietary file format "difficulty" is just the fact that the files are in some old version of Word.
I watched C-beams glitter in the dark near the Tannhauser gate.
Oh, and make sure the vault they keep them in is a)real and b) really able to withstand ANY disaster.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
...on eBay.....
Windows in 6 Bytes (IA-32) : 90 90 90 90 CD 19
You've got to wonder why these people didn't have this stuff encrypted... An encrypted filesystem at least or straight up file encryption even... When are these companies going to get a clue?
And storing the tapes in your car? What happens if it's 100 degrees outside?
Where i work, they make the backup copies and have someone drive them to one of the other branches at the company. They make a backup every day and keep seven days worth of backup in rotation so if something went wrong 6 days ago and they backed up the problem every day, they ahve the 7th backup left to work with...
Unfortunatley i don't know what their view on encrypting the data is. With as anal retentive as the IT VP is about security though, i can't imagine they wouldn't be encrypted...
At my clinic where there is an EHR (Electronic Health Record) there is built in redundancy with multiple servers in different locations. It is hard to believe that a hospital system as big as Providence (which owns hospitals in multiple NW states) could have something as stupid as someone taking home a backup in their car.
sig here
I can see hard disks being stolen..... but not tapes in the one case. Thieves like to take items with obvious value. Am I missing something here? Isn't it possible the workers simply sold the data?
Why couldnt he just scp the crap to his home computer and tape it there? Seems rather simple to me. Oh wait! maybe thats not secure enough....
Cue the "bandwidth of a station wagon of backup tapes" cliches? If it's stuff they really don't want stolen, why not buy a safe for his car? Better yet, give him a company truck/van with secure storage. If they have 365,000 patients (customers) then they can surely afford to protect their information.
Now I don't have cancer anymore!
At least the tapes were encrypted (not the disks in this incident). Even though this case doesn't affect me this was the first question that (always) pops in my head.
:).
:).
:).
For much the same reasons cited here our company backups are taken offsite (daily) -- only difference is that instead of tapes and disks we found that for speed, volume, and cost it was better to go with external hard drives (I figured this out almost ten years ago myself
Even though we are a small organization (under a few hundred employees) the data is encrypted. That was step one and one of the most important IMHO. The average Joe who finds / steals any of our external drives (which has never happened thankfully) would be hard pressed to even figure out the filesystem (Ext3). Not that that would really slow down anybody who knows what they're doing -- nor was it done for security (I just like / trust Linux
Of course I can think of other problem areas where data is flying around unencrypted and sensitive. The Department of Employment Security (which many states all report to for and through payroll to track dead beat dads) takes their data with your social security number in a plain ASCII text file sent through the US mail on a floppy. What happens when you lose a floppy, or what do they do with the processed disks?
Fortunately and unfortunately we need and there will be laws requiring any such sensitive information to be encrypted for "National Security" (Big Brother [tm]) reasons. It's only a matter of time. It is unfortunate that it will take a law and more bureaucratic BS to make this happen, it is fortunate for all our privacy and the fact someone has to program this (more work for me
For some reason this is seaming to be a popular activity. I remember hearing a few years back in school about a sysadmin bringing the tapes home for offsite backup. There actually was an incident where he needed to get information off the tapes. Each tape he tried was corrupted. After doing some investigation, it turned out that the magnetic field from his car's seat heater was corrupting them.
Bottom Line: Secure transport and storage plans are required no matter how sensitive or mission critical your information is.
Proof by very large bribes. QED.
I also work at a healthcare provider adn deal with this exposure every day. Normal backups provides us no disaster recovery value because our recover point objective is measured in minutes. Tape simply can't meet it. Likewise if we were to attempt to restore the entire operation from tape it would take months. Just acquiring hardware would take weeks. But our recovery time objective is forty-eight hours. Basically, if we go longer than that we are out of business. So long term, our DR strategy is based on storage and app level replication between data centers. But as it stands, we only have one site. Consequently we send our backups offsite, essentially as a placebo. But it gets better. We don't have the drive resources to duplicate tape, so we send the originals offsite. That means that if we need to do a restore we must wait an hour for someone to retrieve the tape and reinject it into our library.
Let's review here: we have a fake DR strategy which adds an hour to every file restore and exposes us to data theft. Sounds good huh? I have repeatedly told our brass it would be better to do nothing, but their position is "We don't want to tell the newspapers we had no DR strategy when the disaster strikes."
How do we remediate this? Well, we could encrypt the tape but that is a big pain in the ass and has its own disadvantages. Really, the answer is to get off our ass and build a DR data center so the potentially deadly placebo goes away.
It is cowardly, and a betrayal of whatever it means to be a Jew, to act as a white man
-James Baldwin
Google's page count mysteriously jumps by 365,000 records. Coincidence? You decide.
It took me a minute to decypher that cyrptic comment, but look at these two parts from the article together:
In an announcement yesterday, Providence Home Services, a division of Seattle-based Providence Health Systems, said the records and other data were on several disks and tapes stolen from the car of a Providence employee at his home. The incident was reported by the employee on Dec. 31, according to the health care system.
The data on the tapes was encrypted, Walker said. The data on the disks was in a proprietary file format that was not encrypted, but "is stored in a way that would make it difficult, if not impossible, for someone to access it, then make any sense out of it," he said.
So think about it - Tapes AND Disks were stolen (at first I had thought it was just tapes). The hard to read media (tapes) were encrypted. But it doesn't matter, chuck 'em in the river because the DISKS (fasr easier to read by any fool with a computer) have data that is in a format that is just "hard to read"!!
Give me five minutes with Emacs and/or a Hex editor and/or Strings and I'll bet I could start churning SSN's out of the files right quick! I don't care if they are ISAM or DB2 or Pig-Latin! Security by file format obscurity is zero security, that data has to be treated as widely known at this point.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This must be some new meaning of the word encrypted that I was previously unaware of.
$20 says the worker is the one that "stole" the tapes. Who randomly walks up to a car and says "Oh look! Patent info! I'll take this home right away and start using my cryptography techniques to unlock it right away!"
Ex nihilo nihil fit.
I work for a healthcare organization in the same state as Providence (the number of them is pretty small so you could probably guess). Just last month we were reviewing policies to cover just this contingency.
Washington law demands that notification occur if there's any chance that the information could be used criminally. Since we too operate in Washington, we're also complying with that law.
Essentially you must notify each person directly unless the cost of doing so is upwards of a million dollars or so. There's then some contingencies where you can take out ads in major newspapers.
There's some strange exceptions to the rule. If our hospital accidentally sends clinical information to the wrong insurance provider and it's your normal mix-up rather than a potentially criminal act, that doesn't require notification. It sounds like if it wasn't the case, people would get notified all the time.
I expect to hear about this tomorrow when we go to work. I work fairly closely with the woman who manages these risks in our organization and she'll likely be hearing all about it. Scary stuff.
By the way, did you know some insurance companies use SSN as the contract #? Surely things are better after HIPAA comes effective, but then it did happen.
Well, finally a Slashdot post I can write about with some experience. FWIW, I'm a physician in Portland and medical informatics is an interest of mine.
First of all, while it may shock many IT people that hospitals would use such rudimentary forms of backup and with little encryption, you have to understand that the state of IT in the medical world is backwards. Very backwards. There are a variety of reasons for this. One is that information systems are designed by IT people with little to no understanding of how the healthcare system works (which is understandable - many people in healthcare have little understanding of how it works). At the same time, you have healthcare professionals who really don't understand the full potential of how IT can be applied to healthcare or what its limitations are, but at the same time will complain about solutions that the IT world comes up with. There's this chasm between the two worlds and what you end up getting is a solution that no one likes and you end up having to go back to the drawing board over and over and over. It is absolutely amazing how much money gets sunk into medical IT and how very little progress it has made.
Another reasons includes the vast amounts of red tape in the medical world that are MEANT to prevent lawsuits and provide the best quality healthcare. But there's so much that it what it really ends up doing is bringing any kind of progress or new idea to a grinding halt. There is no industry I can think of which is so ill adapted to making changes even when they're necessary or make sense. The legal world has the medical world frozen in fear of the next litigation. The result is a paradoxical decrease in healthcare quality and increased costs.
Medical information privacy is one of those issues that seems to always be #1 on the list of concerns of electronic medical records. This has always been rather strange to me. How many people are really all that concerned with someone knowing about their cold, or their broken leg? Most people don't have much they would really care about hiding in their medical records. Of course, there are the people with mental illness, HIV, or sexually transmitted diseases. But even then, what exactly is this thief going to do with that information? IMHO medical information privacy is more of a theoretical concern than a real-life concern.
And then of course, there's the REAL reason people are considered with medical information being digitized identity theft for money reasons. I really blame the credit card industry for this more than anyone else. It's surprising to me that they could simply issue a credit card if someone just writes down a name, social security number and address. In this day and age with inexpensive biometric security systems, one would think they could require a submission of a fingerprint (or two). Hell, nowadays with branch offices literally EVERYWHERE, they could simply request you come in with your driver's license. It seems to me that it would be in a bank's best financial interests to do something like this.
Just my $0.02.
"The only normal people are the ones you don't know very well."
Show me the place where HIPAA says you can't send medical information over the internet...
And if you can (which you can't) you will find that every state health agency in the country, most federal agencies, and most hospitals and health care providers are in violation.
HIPAA only requires you to make every possible effort to protect data. Protection can include things like encryption and tunneling, all the way down to privacy screens and closed office doors.
Nothing about not using the internet...