Wendy Leonard reports:
Patients flown by Life Flight helicopters during at least three months of 2004 were advised Friday that their personal information may have been compromised.
The information, collected from patients in April, May and June of that year, was inadvertently put on an employee website where it may have been accessed by individuals outside of the emergency transport company.
[…]
Online access to the information, which is believed to contain Social Security numbers for 107 of the 842 patients transported during that time, is no longer available online, as all files have been moved behind a secure firewall, Butts said.
Birth dates, brief medical information and the city of residence were listed for most patients and should have been protected by a password. The simple protection turned out to be less than adequate.
Read more on Deseret News.
So why did data from 2004 have to be connected to the Internet at all? Why wasn’t it moved to a drive or server with no connection? And for how long was it exposed on the Internet?