[Dataloss] (update): Utah hospital billing records from over 2 million patients stolen

Wed Jun 11 15:19:42 UTC 2008

A sad note here is that Perpetual Storage hadn't lost a single record in 
over 40 years, until this one employee came along. No one here has said 
why he was using his own car. Company policy is that personal vehicles 
are never used. And taking the tapes home overnight, and leaving the 
cash box that contained the tapes in plain sight... the employee is now 
former- he was fired immediately. Local news has reported that local law 
enforcement and the FBI are both involved in the investigation, but they 
haven't yet decided whether to file any charges. Charges or not, the 
former employee should not be able to get bonded in the future.

This guy would never be able to pay restitution for his actions -- 
they're telling us that the cost of stamps and envelopes will be in the 
neighborthood of half a million dollars. I don't know who's paying for 
that -- the University, or Perpetual Storage. I suspect the University 
will pay, and then approach Perpetual Storage after the fact. And for 
the time being, no backup tapes are being kept on site. Unfortunately, 
that's a good news / bad news kind of solution, but if they resumed the 
Perpetual Storage solution, or found someone else for off-site storage, 
and more records were lost, I'm sure there'd be blood-letting among 
senior management.

Oh, and the $1,000 reward versus the $500,000 bill for stamps and 
envelopes -- I don't get that, either.

Dean B

David Metcalf wrote:
>
> I cannot believe that they are only offering a $1,000 reward for 
> return of the tapes "no questions asked."
>
> http://healthcare.utah.edu/publicaffairs/news/current/billing_theft.html
>
> The website of the security company that lost the tapes is also 
> interesting. It shows impressive pictures of their storage vault which 
> was “designed to be an impregnable fortress” and can even withstand a 
> nuclear blast. Unfortunately, the employee never made it that far.
>
> http://www.perpetualstorage.com/index_home.htm
>
> Another example of human error overcoming the most rugged 
> technological precautions. Or as Mom used to say, “No system is fool 
> proof.”
>
> David
>
> -----Original Message-----
> From: dataloss-bounces at attrition.org 
> [mailto:dataloss-bounces at attrition.org] On Behalf Of lyger
> Sent: Tuesday, June 10, 2008 5:07 PM
> To: dataloss at attrition.org
> Subject: [Dataloss] (update): Utah hospital billing records from over 
> 2 million patients stolen
>
> http://www.kutv.com/content/news/local/story.aspx?content_id=76de0817-3ffe-4f8e-9764-506795954fa1
>
> Billing records of 2.2 million patients at the University of Utah
>
> Hospitals and Clinics were stolen from a vehicle after a courier 
> failed to
>
> immediately take them to a storage center, authorities said Tuesday.
>
> The records, described only as backup information tapes, contained Social
>
> Security numbers of 1.3 million people treated at the university over the
>
> last 16 years, said Lorris Betz, senior vice president for health
>
> sciences.
>
> Betz said people would be notified by a letter at a cost of $500,000 just
>
> for stamps and envelopes. The hospital also pledged free credit
>
> monitoring.
>
> [...]
>
> _______________________________________________
>
> Dataloss Mailing List (dataloss at attrition.org)
>
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
>
> solutions for large and small networks. Scan your network and monitor your
>
> traffic to find the data needing protection before it leaks out!
>
> http://www.tenablesecurity.com/products/compliance.shtml
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml
>   