The US Department of Health and Human Services is having a tough time of it. They are the latest government agency to report a significant data breach, but this time, with a twist. In this instance, it wasn’t a nefarious plot by a group of hackers, but simple human carelessness and error.
The case in question involves the improper handling and disposal of physical records, from the Fort Myers, Florida. Radiology Regional Center. Documents were loaded on a truck and sent to a local landfill, but were not shredded or marked up before handing them off. The door of the shipping unit was not properly secured, and in transit, some of the papers simply blew out into the road.
It is unclear which, or how many records were exposed, but that shipment contained records of more than 483,000 individuals. This is not just a local, or regional problem, either. The Radiology Center handles patient records and information from all over the country, and the incident prompted HHS to send a notification to all of the potentially impacted individuals.
As to the seriousness of the data loss – that’s difficult to measure or assess at this point. It’s possible that most of the lost records will be damaged by the elements and rendered illegible before any harm can be done, but it’s just as easy to imagine another, much darker outcome. Even worse, given the fact that these were highly detailed records, they contained patient names, addresses, phone numbers, dates of birth, social security numbers, health insurance policy numbers, and sensitive, normally protected health information. In other words, this incident has as large, and as bad an impact as one would ever expect to see.
All of this underscores an important point. While we are scrambling to secure the digital integrity of data, we must never forget that this is only one part of a much more complex equation. Physical security and proper disposal must be given equal time and attention.