Three unencrypted computer backup tapes containing patient billing and employee payroll data have been reported missing from a Nemours facility in Wilmington, Delaware. The tapes were stored in a locked cabinet following a computer systems conversion completed in 2004. The tapes and locked cabinet were reported missing on September 8, 2011 and are believed to have been removed on or about August 10, 2011 during a facility remodeling project.
There is no indication that the tapes were stolen or that any of the information on them has been accessed or misused. Independent security experts retained by Nemours determined that highly specialized equipment and specific technical knowledge would be necessary to access the information stored on these backup tapes. There are no medical records on the tapes.
“This is an isolated incident unrelated to patient care and safety,” said David J. Bailey, M.D., President and Chief Executive Officer. “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”
The information on the tapes dates principally between 1994 and 2004 and relates to approximately 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida. The missing backup tapes contained information such as name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information.
Nemours is notifying individuals who may have been affected and offering them one year of free credit monitoring and identity theft protection as well as call center support. Additionally, Nemours is taking immediate steps to strengthen its data security practices. These include moving towards encrypting all computer backup tapes and moving non-essential computer backup tapes to a secure off-site storage facility.
Source: Nemours Press Release
The gesture of one year of free credit reporting is, in my opinion, a joke. That is typically a service that runs about 10 bucks a month if an individual pays for it, and probably a mild lump sum payment for a corporation thats paid by the insurance company in the long run. I think that is offered as a compensatory offering if there is a concerned individual on the phone, and they want to appease them. One year is far from enough in most cases. Crooks know that these companies who get caught with their pants around their ankles do the bare (no pun intended) minimum.
It looks like some one knew of the issue at hand, and only was notified once the tape(s) were gone. Heck, those tapes were from 1994-2004, so someone with knowledge and tenure may have knew about this.
Hopefully the computer cabinets were either brought to a dump, recycling center or other facility where more than likely the tapes went down the path of destruction. If the furnature was sold or simply removed by an employee who thought it better to use it vice whip it out – destroyed them and didnt say anything.
with all these lost tapes – and reputations that go down the crapper, one would think that the technology and its risks wouldn’t be used. There are faster and more secure ways to deal with these issues. A three Terabyte removable hard drive is less than 200 bucks on sale – do a cost comparision along with the associated risks and find a better solution.
Can I sue them for this? The free credit report is a joke they are only trying to keep from people sueing them by pleasing them. But I am very concerned that was my whole life stolen from me and they were on UNENCRYPTED TAPES! That kind of information should have always been encrypted! I am looking for a attorney and getting to the bottom of this ASAP!