Update: Thief nabs backup data on 365,000 patients

Todd Weiss   Today’s Top Stories    or  Other Disaster Recovery Stories  

Data Protection and Disaster Recovery with iSCSI and VMware Disaster Recovery Simplified - iSCSI and VMware Site Recovery Manager Deliver Results HP Puts Its Disaster-tolerant Capabilities to the Test IDC Report - Major Considerations for Deploying a Thinly Provisioned Storage Solution Case Study: Simplified DR Planning and Implementation Virtualized iSCSI SANs: Flexible, Scalable, Enterprise Storage for Virtual Infrastructures Computerworld Report: Virtual Reality Computerworld Report : Smart Storage Computerworld Report: Storage Gets Strategic Sign up to receive Security Resource Alerts

January 26, 2006 (Computerworld) -- About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records.
In an announcement yesterday, Providence Home Services, a division of Seattle-based Providence Health Systems, said the records and other data were on several disks and tapes stolen from the car of a Providence employee at his home. The incident was reported by the employee on Dec. 31, according to the health care system.
The tapes and disks were taken home by the employee as part of a backup protocol that sent them off-site to protect them against loss from fires or other disasters. That practice, which was only used by the home health care division of the hospital system, has since been stopped, said health system spokesman Gary Walker.
"This was only done in one area of the company," Walker said. "It did not involve the hospital's database [of patients]....That one part of the company was sending data home off-site. But we should have reviewed the policy."
Walker said Thursday that the data on the tapes was encrypted, but today he corrected that information. Instead, some of the data on the tapes was password-protected at the application level, he said, while the rest of the data was stored in proprietary file formats without password-protection. "Our IT person and I ... miscommunicated about what is being done and what was being done."
The data on the disks, meanwhile, was in a proprietary file format that was not encrypted, but "is stored in a way that would make it difficult, if not impossible, for someone to access it, then make any sense out of it," he said.
From now on, all data will be made secure using additional technologies, according to Walker. "We are encrypting all the material we can encrypt now," as the health care system reviews all of its procedures and security, he said. "We are sorry that this happened and we don't want it to happen again."
Providence officials said there have been no reports that any of the stolen information has been used improperly since the incident.
Providence is notifying affected patients by mail about the theft. The information on the disks and tapes included names, addresses, dates of birth, physicians' names, insurance data, diagnoses, prescriptions and some lab results. For approximately 250,000 of the patients, Social Security numbers were on the records, according to the health system. Some of the records also included patient financial information.
Rick Cagen, CEO of Providence's Portland service area, said new backup procedures are being implemented using more traditional IT means, including secure sites in remote locations for safety and redundancy. "We do have alternate practices now," Cagen said.
The four-week delay in publicly announcing the theft was needed so Providence officials could recreate the stolen data and identify the patients who needed to be contacted, he said. The delay was also caused in part by the large number of records that had to be processed, he said.

"We realize this is a major inconvenience and cause for real concern, and we deeply apologize to everyone affected by this incident," Cagen said. "Even though we have no indication that the thief has accessed the data, we are doing all we can to help our patients and employees protect their information."
The incident is the second data theft from a motor vehicle announced this week. Yesterday, Minneapolis-based financial services company Ameriprise Financial Inc. said it is notifying some 158,000 customers and 68,000 financial advisers that a laptop containing personal information about them -- including names, account numbers or Social Security numbers -- was stolen from a parked car late last month (see "Ameriprise notifying 226,000 customers, advisers of data theft").


"Data Security Breaches" RSS feed

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Analysis: Data breach notification law unlikely this year Idaho utility hard drives -- and data -- turn up on eBay Ohio University reports two separate security breaches

Aetna says laptop stolen with data on 38,000 members Ohio recalls voter registration CDs; Social Security numbers included FBI: No credit card data breach in N.H. state server case

"Security people can talk until they're blue in the face about the dangers of unsecured Windows PCs and how they..." Read more... "Despite some progress, many federal agencies appear unlikely to meet an Oct. 27 deadline for completing the roll-out of new..." Read more... Read more Security posts or See all Blogs

XP SP3 cripples some PCs with endless reboots Microsoft to patch four bugs on Tuesday Web attack worm on a rampage More top stories...

Microsoft grows DAISY for blind computer users while Adobe wilts Leopard at six months: Does it live up to the early hype? Mozilla shipped worm with Firefox add-on

5 easy ways to commit career suicide Mistakes such as putting down co-workers or burning bridges when you resign are surefire ways to darken your career prospects. Here's how to avoid them Opinion: Get ready for these 6 game-changing technologies Hype and promises abound in the IT world, but these six breakthroughs really will change your life, says author and former IT manager John Brandon. What brain drain? Baby boomers are retiring and taking their knowledge with them. Why do so few in IT seem to care? Tales from the crypt: Our first computers Computerworld editors share stories of their first PCs, including some classics and some real clunkers -- then we ask readers to share their early-PC tales. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? This webcast will air on Wednesday, May 7th at 2:00 PM EDT/11:00 AM PDT. Go to the webcast  Developing FIPS 140-validated Solutions for the Federal Government Using RSA BSAFE Software Get this white paper! (Source: RSA) The U.S. House of Representatives' Committee on Government Reform recently released the 2005 edition of its Federal Information Security Management Act (FISMA) report card. Unfortunately, the news was not good. The 25 major government agencies reported 15% of the IT systems remained uncertified/unaccredited while 6 agencies lacked effective corrective action plans, illustrating little improvement in the level of information security for government agencies compared to previous reports. Government agencies at all levels are entrusted with sensitive information about citizens, military personnel and others. As is the case with private industry, breaches of that information can create a public relations debacle and end up costing dearly-not just monetarily, but in public trust. Defense, security and diplomatic agencies are entrusted with even more sensitive information, which, in the wrong hands, could threaten national and international security. Download this white paper  Computerworld Report: Virtual Reality Download this Computerworld Report, free for a limited time, compliments of HP. (Source: HP) The data center is real, but storage is turning virtual at many organizations that need to manage exploding storage needs. Learn about how virtualizing your enterprise will save you money in this Computerworld report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. License Optimization: Get to One Version of the Truth Gaining Insights Through Analytics Butler Technology Audit Report View more whitepapers

• Analysis: Data breach notification law unlikely this year
• Idaho utility hard drives -- and data -- turn up on eBay
• Ohio University reports two separate security breaches
• Aetna says laptop stolen with data on 38,000 members
• Ohio recalls voter registration CDs; Social Security numbers included
• FBI: No credit card data breach in N.H. state server case

• XP SP3 cripples some PCs with endless reboots
• Microsoft to patch four bugs on Tuesday
• Web attack worm on a rampage
• More top stories 

Security Management Zone Security management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones



Try Fluke Networks' EtherScope Analyzer on your network FREE Quickly solve the wide range of problems you encounter - 10, 100 and Gigabit, twisted pair and optical fiber, LAN or wireless LAN. The EtherScope Analyzer combines the essential tools you need to monitor network traffic and switch interfaces, discover devices, networks, VLANs, access points, mobile clients and more. See the power of this portable network analyzer on your network. Request free trial now *Terms and conditions: Evaluation units are available only for a limited time and will be scheduled on a first-come first-served basis. Not available in all geographies. Limited quantities available; customers requesting evaluation units may be waitlisted for the next available unit. It will be at the discretion of Fluke Networks to accept or decline requests for this free evaluation.