In July 2010, Massachusetts-based South Shore Hospital announced a startling security breach:
The personal information for up to 800,000 patients, employees, donors, vendors, and business partners from January 1996 to January 2010 had been compromised in a massive data breach when back-up computer tapes scheduled for destruction were lost.
How did this happen?
Easier than you might think.
South Shore Hospital had contracted with Archive Data Solutions to have their back-up computer tapes – which may have included full names, addresses, social security numbers, diagnoses, and dates of services – destroyed. South Shore Hospital shipped the files per usual but did not receive certificates of destruction as expected.
South Shored Hopsital communicated with Archive Data Solutions…
And their final investigation revealed the following:
“South Shore Hospital has concluded that there is little to no risk that information on the files has been or could be acquired, accessed or misused based on the following key investigation findings:
- The back-up computer files were stored on unmarked computer tapes that were packed in three sealed boxes. The boxes were wrapped together on a shipping pallet and had no indication on the outside or inside that they contained confidential information.
- South Shore Hospital, the private investigation team, and Ohio-based R+L Carriers – the company that transported the files for offsite destruction – conducted multi-state searches for the two missing boxes. All available evidence indicates that the three boxes of computer tapes were likely separated from each other during transport. Once separated, two of the three boxes were unidentifiable because they were unmarked and appeared to be of no value. As a result, those two boxes of computer tapes are believed to have been disposed of in a secure commercial landfill that R+L Carriers uses to dispose of unclaimed materials and are therefore unrecoverable.”
Could this security breach have been stopped before it even got started?
Just one step would have averted the whole fiasco:
Retain custody of your hard drives and electronic media.
Let us come to you. For total peace of mind.
We’ll shred your hard drives and other media on your property with you watching on our surveillance equipment, and we’ll send those certificates of destruction to you immediately.
Corporate Destruction Solutions… the preferred on-site hard drive and media destruction service.