Huge Data Breach at NYC Hospital, Backup Tapes were not Encrypted

February 18th, 2011 by admin
New York City Health and Hospitals Corporation

A Very Large and Rare Data Breach

A huge data breach took place at a New York City hospital and affected an enormous number of people. The security of over 1.7 million people could be in danger. Thieves robbed a van and stole the backup tapes containing the personal health records of about 1.7 million New Yorkers. These backup tapes, belonging to the New York-based North Bronx Healthcare, were stolen on 23rd December 2010.

The backup tapes held sensitive healthcare information on patients, employees, contractors and vendors. The stolen tapes contained patient data such as full names, addresses, birth dates, telephone numbers, Social Security numbers and electronic protected health information (EPHI) dating back 20 years, including health insurance information, admission/discharge dates and medical record numbers.

Backup Tapes were not Encrypted

It is unacceptable that the backup tapes of such a large organization were not encrypted. This is even more striking given that encryption is not a difficult procedure; it is cheap and easy to do. When information is not encrypted, anyone who gets hold of it can access the data without the owner's permission. The only data security measure applied to the backup files was that the data was not stored in plain text: a person would need specialized technical expertise and data mining tools to access it. That raises the effort required, but unlike encryption it does not depend on a secret key.

Alan D. Aviles, HHC’s president, said: “It is unfortunate that such things have to occur before something is done about it. As far there is no evidence that the data in the tapes had been misused but the corporation will ensure that future backup tapes are encrypted.”

HIPAA Security Rules were not followed

The hospital took a long time to report this data breach and ignored the HIPAA security rules. It started to inform the victims about the breach on the 9th of February, which means it took HHC nearly two months to report the data breach. New York state law stipulates that any data breach has to be reported within 60 days after the incident happens.

Alan said in a statement: “Letters in 17 languages have begun to be mailed to patients and affected individuals this week, advising them of the theft and informing them of protective services that have been made available.”

Why Data Breaches Occur in Health Care Industry

The Ponemon Institute conducted a study on why data breaches occur in the health care industry. Its report named the lack of encryption software, poor management of data access, theft or loss of devices containing important data, and the failure to shred important documents as the main causes.

HHC said that it would provide anti-fraud services and credit monitoring through Debix to those who were affected by the incident. The hospital opened a customer care center to deal with inquiries, and affected people can call 1-877-412-7148. Victims of the data breach can register for the extra protection within 120 days of the incident on the same number.

Keep your Sensitive Data Safe with Alertsec

The above incident shows that, in the absence of full disk encryption, the privacy of a huge number of people can be affected. To keep your sensitive data safe from theft and hacking, it is vital to use data encryption software. Many incidents across global organizations highlight the need for data security and recovery software. For a mere investment of $13/month, the information can be secured with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

2 comments

  1. Excellent Blog, Thanks for sharing this informative Blog….
