A backup tape is stolen from Greensboro Gynecology Associates
Technorati Tag: Security Breach
Date Reported:
7/15/08
UPDATE 7/17/08:
News & Record reports that "47,000 patients affected by theft"
Organization:
Greensboro Gynecology Associates
Contractor/Consultant/Branch:
None
Victims:
Physicians, staff members, and patients
Number Affected:
Unknown
Types of Data:
"names, addresses, Social Security numbers, employers, insurance companies, policy numbers and family members"
Breach Description:
"GREENSBORO - Patients at a Greensboro doctors’ office have been notified that their personal information - including Social Security numbers and addresses - was stolen in May."
Reference URL:
News & Record
Report Credit:
Ryan Seals, News & Record
Response:
From the online source cited above:
In a letter mailed to patients, Greensboro Gynecology Associates said a backup tape of their computer database was stolen.
[Evan] Does "their computer database" include billing information and other confidential information other than personally identifiable information?
The letter was dated June 16, but some letters weren't postmarked until July 9.
The medical practice said a backup tape of patient information was stolen on May 29 from an employee who was taking the tape to an off-site storage facility for safekeeping.
[Evan] I wonder what type of off-site storage facility. Some of the small businesses that I have encountered consider an employee's home to be an "off-site" storage facility.
The stolen information included patients' name, address, Social Security number, employer, insurance company, policy numbers and family members.
The tape did not include treatment or specific medical data.
"We are very concerned about this theft, as we too are victims," Pat Higgins, the practice's administrator, wrote in an e-mail Tuesday. "We are notifying our present and former patients. ..."
The practice at 719 Green Valley Road Suite 305 said personal information for its physicians and other staff members also was on the stolen tape.
the case is under investigation
did not respond to inquiries about how many patients were affected, how the theft occurred and whether anything else was taken
The practice's letter said the theft had been reported to police. However, officials with the Greensboro Police Department and the Guilford County Sheriff's Office said they had no such report on file.
[Evan] This is interesting news.
The data was not encrypted, but Greensboro Gynecology Associates said the stolen data isn't likely to be accessed.
"We have consulted with several computer security experts, and they have advised it is highly unlikely the tapes can be accessed because of the program used and the language (the information) is written in," according to a recording on a hotline set up to address patients' concerns.
[Evan] Who are these several computer security "experts'? I hate to disagree, but... The assessment is based on "the program used and the language" that the archived information is written in. Really? How hard is it to obtain the necessary hardware and software to access the information? Someone interested in accessing the tape could conceivably flip the data protection tab on the tape (to prevent data corruption through inadvertent writes), download some of the more popular backup software programs, buy a compatible drive (stolen or on eBay), and go to town. Couldn't they? Backup Exec is a very popular backup program. Anyone can download a 60-day trial for free. More talented professionals have even more sophisticated methods of accessing data on tape.
Greensboro Gynecology Associates said they are consulting with computer security experts to prevent similar thefts in the future.
[Evan] I kind of hope that they are not consulting with the same computer security "experts" referenced above.
"We sincerely regret and apologize that this incident occurred," the letter said
Commentary:
Many backup software solutions include the option to encrypt the written data built-in. Why not use it?
Greensboro Gynecology Associates has established a hotline for concerned patients. The phone number is . The hotline asks patients to leave their name and telephone number for a staff member to return their call.
Past Breaches:
Unknown
Date Reported:7/15/08
UPDATE 7/17/08:
News & Record reports that "47,000 patients affected by theft"
Organization:
Greensboro Gynecology Associates
Contractor/Consultant/Branch:
None
Victims:
Physicians, staff members, and patients
Number Affected:
Unknown
Types of Data:
"names, addresses, Social Security numbers, employers, insurance companies, policy numbers and family members"
Breach Description:
"GREENSBORO - Patients at a Greensboro doctors’ office have been notified that their personal information - including Social Security numbers and addresses - was stolen in May."
Reference URL:
News & Record
Report Credit:
Ryan Seals, News & Record
Response:
From the online source cited above:
In a letter mailed to patients, Greensboro Gynecology Associates said a backup tape of their computer database was stolen.
[Evan] Does "their computer database" include billing information and other confidential information other than personally identifiable information?
The letter was dated June 16, but some letters weren't postmarked until July 9.
The medical practice said a backup tape of patient information was stolen on May 29 from an employee who was taking the tape to an off-site storage facility for safekeeping.
[Evan] I wonder what type of off-site storage facility. Some of the small businesses that I have encountered consider an employee's home to be an "off-site" storage facility.
The stolen information included patients' name, address, Social Security number, employer, insurance company, policy numbers and family members.
The tape did not include treatment or specific medical data.
"We are very concerned about this theft, as we too are victims," Pat Higgins, the practice's administrator, wrote in an e-mail Tuesday. "We are notifying our present and former patients. ..."
The practice at 719 Green Valley Road Suite 305 said personal information for its physicians and other staff members also was on the stolen tape.
the case is under investigation
did not respond to inquiries about how many patients were affected, how the theft occurred and whether anything else was taken
The practice's letter said the theft had been reported to police. However, officials with the Greensboro Police Department and the Guilford County Sheriff's Office said they had no such report on file.
[Evan] This is interesting news.
The data was not encrypted, but Greensboro Gynecology Associates said the stolen data isn't likely to be accessed.
"We have consulted with several computer security experts, and they have advised it is highly unlikely the tapes can be accessed because of the program used and the language (the information) is written in," according to a recording on a hotline set up to address patients' concerns.
[Evan] Who are these several computer security "experts'? I hate to disagree, but... The assessment is based on "the program used and the language" that the archived information is written in. Really? How hard is it to obtain the necessary hardware and software to access the information? Someone interested in accessing the tape could conceivably flip the data protection tab on the tape (to prevent data corruption through inadvertent writes), download some of the more popular backup software programs, buy a compatible drive (stolen or on eBay), and go to town. Couldn't they? Backup Exec is a very popular backup program. Anyone can download a 60-day trial for free. More talented professionals have even more sophisticated methods of accessing data on tape.
Greensboro Gynecology Associates said they are consulting with computer security experts to prevent similar thefts in the future.
[Evan] I kind of hope that they are not consulting with the same computer security "experts" referenced above.
"We sincerely regret and apologize that this incident occurred," the letter said
Commentary:
Many backup software solutions include the option to encrypt the written data built-in. Why not use it?
Greensboro Gynecology Associates has established a hotline for concerned patients. The phone number is . The hotline asks patients to leave their name and telephone number for a staff member to return their call.
Past Breaches:
Unknown
Posted by Evan Francen at 7/16/2008 4:12 PM 
Categories: Stolen Tape, Greensboro Gynecology Associates
Categories: Stolen Tape, Greensboro Gynecology Associates
Posts Atom 1.0
Comments