Slashdot Mirror


Backup Tapes With 2 Million Medical Records Stolen

Lucas123 writes "A vehicle used by an off-site archive company to transport patient data was broken into on March 17. The University of Miami just made the theft public last week, saying the thieves removed a transport case carrying the school's six computer backup tapes. On those tapes were more than 2 million medical records. In fact, the archive company waited 48 hours before notifying the university itself. A University spokeswoman said the school has stopped shipping backup tapes off-site for now."

5 of 173 comments

  1. Re:yes but what's the value by Jhon · Score: 3, Informative

    Why would someone steal the tapes? What is their value?


    What would YOU pay for 2 million social security numbers?
  2. Re:yes but what's the value by WaltBusterkeys · Score: 5, Informative

    Why would someone steal the tapes? What is their value?

    From TFA: The stolen backup tapes hold names, addresses, Social Security numbers and health information

    On the black market these days, a full identity (name, SSN, address, bank information, etc.) can go for $14 each. If the tapes had full identities, that's 2 million x $14 = $28 million payday for a bunch of crooks. Even assume a "volume discount" for these guys and they're still in the many million dollar range. Even if it's just name, address, and SSN there's some value on the black market for these tapes.

    When you're breaking into a vehicle filled with stuff that looks like computer equipment, it's hard to know whether the data is going to be social security numbers (valuable), credit card numbers (valuable), medical records (valuable if there are addresses and SSNs), or routine corporate records (not all that valuable). Enough data brokers are sloppy enough with their security that there's a good chance to get some identity information that has value.

    These guys were either extremely lucky or knew exactly what they were doing. Or they're complete idiots who are wondering why these tapes won't play on their 8-track player.
  3. Re:yes but what's the value by Digestromath · Score: 2, Informative

    Not to mention there is also the potential for blackmail. If anyone on the tapes has a serious, publicly undisclosed, and socially stigmatic medical condition, it's ripe.

    For example: A lot of people don't want to publicly share that they have STDs etc. Especially not if the files are cross-linked with a list of their sexual partners.

    While sale for identity fraud would most likely be the most profitable, there are alternative uses for this data. Given the enterprising nature of most criminals, this is a gold mine.

  4. Re:*Still* no encryption?? by Xtravar · Score: 2, Informative

    Somehow I doubt that this is just an Access file, sorry. Or even a SQL dump. They're not complete idiots. Chances are, since it's a health system, it probably uses a post-relational database, typically of this variety: http://en.wikipedia.org/wiki/MUMPS

    Which means the file format could be anything...

    I'm just glad they're not our customer. 8-)
    --
    Buckle your ROFL belt, we're in for some LOLs.
  5. Re:*Still* no encryption?? by jimicus · Score: 4, Informative

    Why would you still use antiquated mainframes for your backups, particularly if it's 2 million records? If something happened at your site you'd need a similarly antiquated mainframe just to get your data back. That makes very little sense.

    Three reasons:

    1. It works.

    2. IBM (assuming they are using IBM kit) mainframes are still being built today, and while they're totally different internally to the systems of 30 years ago, they're still compatible.

    3. This is what companies like SunGard and IBM (yes, they have a DR consultancy team) specialise in. You tell them what equipment you'll need in a disaster recovery scenario, they agree to loan it to you. In which case, who cares how old the system is?