Medical records discovered in dumpster

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.wwlp.com/dpp/news/i_team/medical-records-discovered-in-dumpster

SPRINGFIELD, Mass. (WWLP) - You'd like to think your medical records
are safe but the 22News I-Team discovered today a number of personal
documents left in a dumpster for anyone to see.

We took the files out, brought them to management, and got some answers.

"As I was going through the stuff I saw files and they looked like
medical files," said Springfield's Bryant Longey.

Longey says he stumbled upon this dumpster out on a walk this weekend,
when he noticed dozens of personal files.

"I said wow, this can't be right, these should be burned or shredded
or something."

He found the files came from the Behavioral Health Network in
Springfield, a service both he and his mom utilize.

"My privacy, it could be invaded like all these other folks," said
Carol Roberts.

That's when they contacted the 22News I-Team.

We took the files from them and went back to the dumpster where we
discovered even more records.

That's when we took them inside to BHN management to get some answers.

We explained and they seemed surprised by what I was holding.

"Thank you very much, I certainly appreciate you bringing it to our
attention, that is absolutely against policy and we'll need to do an
investigation to figure out how that happened." said BHN Vice
President Candace Darcy.

We handed the files over and brought them to the dumpster so they
could get the rest.

Darcy says this shouldn't happened because they pay to get records shredded.

"They come in and shred documents right on the premises before they
take it away so confidentiality is guaranteed.  I have no idea how
this could've happened and we'll certainly check into it and make sure
it doesn't happen again."

It's important to note 22News doesn't have any files in our possession.

They were all returned and we will be following up to see this problem
is resolved for your protection.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.