South Shore Hospital in Massachusetts announced yesterday that personal records of 800,000 individuals may be missing. The hospital sent backup tapes to a contractor for destruction. The contractor has informed the hospital that only a portion of the tapes have been received and destroyed, the rest of the tapes are missing.
According to the Boston Globe:
The hospital said the files contained information on patients, employees, physicians, volunteers, donors, and other business partners associated with South Shore between Jan. 1, 1996, and Jan. 6 of this year.
The files may have included names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits, and other personal information.
My first reaction to this story is to ask “why weren’t the backup tapes encrypted”? On the South Shore Hospital FAQ website they answer the question:
These particular back-up computer files were scheduled for destruction because they were in a format the hospital no longer uses and because the back-up process did not allow for these files to be encrypted. However, specialized software, hardware, and technical knowledge and skill would be required for someone to access and decipher the information.
Related posts:
