Update: Thief nabs backup data on 365,000 patients
An employee for a health care firm in Portland, Ore., had tapes, disks in his car
Computerworld - About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records.
In an announcement yesterday, Providence Home Services, a division of Seattle-based Providence Health Systems, said the records and other data were on several disks and tapes stolen from the car of a Providence employee at his home. The incident was reported by the employee on Dec. 31, according to the health care system.
The tapes and disks were taken home by the employee as part of a backup protocol that sent them off-site to protect them against loss from fires or other disasters. That practice, which was only used by the home health care division of the hospital system, has since been stopped, said health system spokesman Gary Walker.
"This was only done in one area of the company," Walker said. "It did not involve the hospital's database [of patients]....That one part of the company was sending data home off-site. But we should have reviewed the policy."
Walker said Thursday that the data on the tapes was encrypted, but today he corrected that information. Instead, some of the data on the tapes was password-protected at the application level, he said, while the rest of the data was stored in proprietary file formats without password-protection. "Our IT person and I ... miscommunicated about what is being done and what was being done."
The data on the disks, meanwhile, was in a proprietary file format that was not encrypted, but "is stored in a way that would make it difficult, if not impossible, for someone to access it, then make any sense out of it," he said.
From now on, all data will be made secure using additional technologies, according to Walker. "We are encrypting all the material we can encrypt now," as the health care system reviews all of its procedures and security, he said. "We are sorry that this happened and we don't want it to happen again."
Providence officials said there have been no reports that any of the stolen information has been used improperly since the incident.
Providence is notifying affected patients by mail about the theft. The information on the disks and tapes included names, addresses, dates of birth, physicians' names, insurance data, diagnoses, prescriptions and some lab results. For approximately 250,000 of the patients, Social Security numbers were on the records, according to the health system. Some of the records also included patient financial information.
Rick Cagen, CEO of
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts