Security Experts:

Health Services Provider Nemours Loses Backup Tapes: 1.6 Million Affected

Three unencrypted backup tapes containing sensitive personal data have been reported missing by Nemours, a children's health care services provider.

The tapes in question were reported missing from a facility in Wilmington, Delaware on September 8, 2011. The company believes they have been removed around August 10, 2011 during a renovation project.

The data stored on the tapes dates mainly between 1994 and 2004 and affects approximately 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida. The missing backup tapes contained information including name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information.

“There is no indication that the tapes were stolen or that any of the information on them has been accessed or misused," the company said in a statement.

The company said it had hired independent security experts who determined that “highly specialized equipment and specific technical knowledge” would be needed in order to make use of the data.

No medical records were stored on the tapes.

In related news, just last week a similar incident occurred with lost backup tapes at TRICARE, a provider of health care services to active and retired military personnel, that could potentially affect 4.9 million individuals. These careless and easily preventable incidents will prove to be costly mistakes for both organizations.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.