Health Services Provider Nemours Loses Backup Tapes: 1.6 Million Affected

Three unencrypted backup tapes containing sensitive personal data have been reported missing by Nemours, a children’s health care services provider.

The tapes in question were reported missing from a facility in Wilmington, Delaware on September 8, 2011. The company believes they have been removed around August 10, 2011 during a renovation project.

The data stored on the tapes dates mainly between 1994 and 2004 and affects approximately 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida. The missing backup tapes contained information including name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information.

“There is no indication that the tapes were stolen or that any of the information on them has been accessed or misused,” the company said in a statement.

The company said it had hired independent security experts who determined that “highly specialized equipment and specific technical knowledge” would be needed in order to make use of the data.

No medical records were stored on the tapes.

In related news, just last week a similar incident occurred with lost backup tapes at TRICARE, a provider of health care services to active and retired military personnel, that could potentially affect 4.9 million individuals. These careless and easily preventable incidents will prove to be costly mistakes for both organizations.