A press release dropped into my inbox today, it seems 4.9 million (that’s 4,900,000) patients who were treated by military hospitals over the past 20 years have had their private data hacked. Social Security numbers, addresses, phone numbers and “some personal health data” was exposed. So how was this one done? 12 computer tapes containing “Personally identifiable and protected health information (PII/PHI)” were stolen. Now the military’s health service is paying for one years worth of credit monitoring.
So what can we learn from this one? We have to remember that those backup tapes are as important as the CEO’s shiny laptop or the Finance Department’s server. Our disaster recovery plans need to take into account the security of not only the tape’s storage but also the security of transporting the tapes back and forth.
~Geof “Dude, where’s my tape?” Franklin