Massachusetts hospital may have lost backup files affecting 800,000 people

A third-party firm contracted out by a Massachusetts hospital to destroy sensitive computer files cannot confirm that it wiped them clean, leaving hundreds of thousands of patients at risk for identity theft, SearchSecurity.com reports. The names, addresses, Social Security numbers, diagnosis and treatment codes and, in some cases, credit card data, of up to 800,000 people may have been lost, according Weymouth, Mass.-based South Shore Hospital.

The lost data files contained 14 years worth of information on patients, doctors, staff members, volunteers and donors, and were unencrypted, but in a file format the hospital no longer uses. According to CMIO, the hospital says an unspecified independent information security consulting firm has confirmed that a hacker would need specialized software, hardware and technical expertise to access any of the data.

South Shore Hospital sent the back-up files to be destroyed off-site on Feb. 26. "When certificates of destruction were not provided to the hospital in a timely manner, the hospital pressed the data management company for an explanation," hospital officials say in a statement. "South Shore Hospital was finally informed on June 17 that only a portion of the shipped back-up computer files had been received and destroyed."

Hospital officials have informed the state attorney general's office, the Massachusetts Department of Public Health and HHS about the threat to individual privacy and have ended off-site destruction of backup files, CMIO reports. The organization is working to identify and notify those people whose information was on the lost files.

To learn more:
- take a look at this CMIO story
- read this SearchSecurity.com article

Related Articles:
Confidentiality breach: Hospital sent patient records to auto shop
Connecticut AG investigates WellPoint data breach, fines Health Net $250K
Report: Medical data theft growing as more adopt EMRs

Post a comment