Follow-up: South Shore Hospital Reports Findings from Investigation into Missing Back-Up Computer Files

Posted on by Dissent

A statement from South Shore Hospital posted today on their web site reveals the names of other entities involved in the sequence of events in a recent breach and reports their conclusions following their investigation:

South Shore Hospital today announced that it has completed its investigation into the loss of its back-up computer files. All available evidence indicates that the files are unrecoverable and that there is little to no risk that information on the files has been or could be acquired, accessed or misused. South Shore Hospital has reported the findings of its investigation to the Massachusetts Attorney General’s Office and to the US Department of Health and Human Services.

[…]

South Shore Hospital has concluded that there is little to no risk that information on the files has been or could be acquired, accessed or misused based on the following key investigation findings:

  • The back-up computer files were stored on unmarked computer tapes that were packed in three sealed boxes.  The boxes were wrapped together on a shipping pallet and had no indication on the outside or inside that they contained confidential information.
  • South Shore Hospital, the private investigation team, and Ohio-based R+L Carriers – the company that transported the files for offsite destruction – conducted multi-state searches for the two missing boxes.  All available evidence indicates that the three boxes of computer tapes were likely separated from each other during transport.  Once separated, two of the three boxes were unidentifiable because they were unmarked and appeared to be of no value.  As a result, those two boxes of computer tapes are believed to have been disposed of in a secure commercial landfill that R+L Carriers uses to dispose of unclaimed materials and are therefore unrecoverable.
  • Even if the computer tapes were found, Huron’s experts have concluded that specialized equipment, proprietary software, sophisticated knowledge, time and financial resources would be required to access, aggregate, interpret and ultimately use information on the files. View an executive summary of Huron’s report.

    • Read the entire statement on their site.

    Via Boston Herald.  Cross-posted from PHIprivacy.net.

    Category: Breach IncidentsHealth DataLost or MissingSubcontractorU.S.