New York City officials have begun the process of notifying 1.7 million patients, staff, contractors, vendors and anyone else who was treated or that provided services during the past 20 years at 2 public hospitals in the Bronx. The New York City Health and Hospitals Corporation said the theft could endanger the personal information of basically anyone who shared personal information with Jacobi Medical Center, North Central Bronx Hospital, or their many offsite clinics.
The stolen electronic records contained personal information, protected health information, and/or personally identifiable employee medical information. HHC said in a statement that it “values and protects individuals’ privacy and confidentiality and deeply regrets any inconvenience and concern this may create for patients, staff and others affected. The loss of this data occurred through the negligence of a contracted firm that specializes in the secure transport and storage of sensitive data.” Computer backup tapes were stolen on Dec. 23, 2010, from a truck operated by GRM Information Management Services that was transporting them to a secure storage location. The theft occurred while the GRM van was left unlocked and unattended during other pickups. GRM reported the incident to the police and dismissed the driver. The tapes were not encrypted.
There is no evidence that the data have been inappropriately accessed or misused, HHC said. However, HHC is providing information and one year of free credit monitoring services to anyone who may be worried about possible identity theft.
All the details are at http://www.healthcareinfosecurity.com/articles.php?art_id=3349
So, what are they doing shipping unencrypted tapes around? How is it possible that a hospital could be so negligent? Why do their unencrypted tapes contain data collected over TWENTY YEARS? Shouldn’t it be purged occassionally? Oh, the legal fur is going to fly over this one.