BreachExchange mailing list archives
Confidential records missing at MHI in Independence
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 27 Jun 2013 10:06:06 -0500
http://wcfcourier.com/news/local/govt-and-politics/confidential-records-missing-at-mhi-in-independence/article_efe73f7e-de6b-11e2-81bc-001a4bcf887a.html DES MOINES --- Iowa Department of Human Services officials issued an alert Wednesday to former patients at the Mental Health Institute in Independence and hundreds of state employees there and at other state facilities concerning a possible breach of their confidential information. Officials say the information was stored on a backup computer tape that went missing April 30 cannot be located. A search for the tape continues at the Independence facility, DHS spokesman Roger Munns said in a news release, and officials believe it is likely that the tape was inadvertently destroyed or discarded. Access to information on the tape requires specialized and outdated equipment. "The chance that your information was improperly accessed is small, but we realize that you may want to take steps to be sure that your information is not used by another person," said Bhasker Dave, superintendent of the Independence facility that is administered by the state Department of Human Services. In letters mailed Wednesday, DHS officials explained what happened and offered to pay for one-year enrollment in a credit monitoring service for anyone who fears that the possible breach could lead to a stolen identity, according to the department news release. Officials said the tape does not contain any bank or credit card information, but it does include Social Security numbers and addresses for about 700 employees of several facilities managed by the DHS. The tape also includes Social Security numbers and other information regarding about 7,300 former patients at the Independence facility, according to the DHS statement. A few records date back to the late 1980s but most refer to more recent patients. The tape does not include records of patients who were admitted after June 2010. The computer system is no longer used for patient records or employee information, according to the DHS statement. The historical data had not been purged from the computer system and continued to be backed up on a monthly basis, Dave said. He noted that the computer system requires the use of specialized equipment that is no longer serviced by the manufacturer, and that the backup system has been changed to eliminate the unnecessary retention of personally identifiable information. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Confidential records missing at MHI in Independence Erica Absetz (Jun 27)