Another hospital in the
The data breach was found when a routine check was carried out on the location of a backup computer tape—and, apparently, no one could find it. The lost tape had information on 38,650 patients. However, only 11,500 patients have been contacted to alert them of the breach (what’s that all about?)
The letter also mentioned that the contents of the tape were password?protected and can only be read using special software. The former is not really adequate security, and the reasons for arriving to that conclusion are heavily documented. The latter—I’m ambivalent on whether it represents a form of security. On the one hand, it certainly makes it harder for one to access the data, since each software application has its own way of encoding information. This is why you can’t open your Excel file in Microsoft Word, for example. But, on the other hand, it’s a matter of finding the right software to get to the data.
Regardless of my position on the issue, the fact that the affected hospital has decided to encrypt all data perhaps indicates that relying on the obscurity of a file format is not the way to go when the safety of patient information is at stake. Data encryption must have been selected for a reason.
Incidentally, this case is probably representative of recent survey results quoted in The Tech Herald that suggests business owners (and, it seems to me, anyone in the position of leadership) have an “‘air of invincibility’ when it comes to the potential for their company to suffer an intentional or accidental data exposure.” According to that article, natural disasters weighed more heavily in their minds than data breaches.
I’m not sure if I can disagree with such an assessment—there could be a legitimate reason for thinking that way (flooding may be on your mind more often if you live in downtown