Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Iowa Mental Health Institute Warns of Missing Backup Tape

The Iowa Department of Human Services on Wednesday warned former patients at the Mental Health Institute in Independence and others, about a possible breach of their confidential information due to a lost backup tape.

The Iowa Department of Human Services on Wednesday warned former patients at the Mental Health Institute in Independence and others, about a possible breach of their confidential information due to a lost backup tape.

According to the breach disclosure, the lost tape contained Social Security numbers and other information on roughly 7,300 former patients at the Independence facility. Some records date back to the late 1980s but were more recent patients, the disclosure said.

No financial information was stored on the lost tape, the Department said, but Social Security numbers and addresses for about 700 employees of several facilities managed by the DHS were included in the exposed data.

Health Care Security

What’s sad, is that the tape was discovered missing on April 30, 2013, and those potentially affected are just being notified now.  

“A search for the tape continues and officials said it is likely the tape was inadvertently destroyed or discarded,” the disclosure stated.

Related: Even Breach Notifications Are Bigger in Texas

The statement also said that access to information on the tape would require specialized and outdated equipment, this should not comfort anyone if the tape fell into the hands of someone with malicious intent.

Despite requiring “specialized and outdated equipment”, if the data on the tape was not encrypted (which is does not appear to be), an attacker could likely still gain access to what is stored on the tape by obtaining older hardware through various means and extracting sensitive data from the data sets.

Advertisement. Scroll to continue reading.

“The chance that your information was improperly accessed is small, but we realize that you may want to take steps to be sure that your information is not used by another person,” said Supt. Bhasker Dave.

The facility is administered by the Department of Human Services.

The Department has offered to pay for one-year enrollment in a credit monitoring service for anyone concerned that the possible breach could lead to identity theft.

According to the Department, the computer system is no longer used for patient records or employee information and the tape does not include records of patients who were admitted after June 2010.

Related: Probe Into Missing Secret Service Tapes Launched After Five Years  

Related: Lost Tapes at TRICARE Potentially Expose 4.9 Million Military Personnel  

Related: Health Services Provider Nemours Loses Backup Tapes: 1.6 Million Affected 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.