Going to the hospital is supposed to make you feel better. Not make you sick to your stomach. Sadly, as more and more personal data gets stored on smaller and smaller mediums, the potential for ill feelings rises. With so much material on tiny electronics, it is very easy for the data to grow legs and walk away. That is the situation at the Yan Chai Hospital in Hong Kong. One of the busiest hospitals in the area, hundreds of thousands of patients pass through its doors on an annual basis. In this specific case, it isn’t current visitors who are in jeopardy, but those who came for medical attention between January 2005 and January 2006.

The data breach took place during the routine process of creating encrypted backups of files which contained the personal information of patients. The disks which contained the material went missing during the process and although the hospital staff conducted a thorough investigation of the facility, they were unable to locate the missing materials. In a letter released to the public, the hospital noted that it learned of the problem on June 20, although it did not say when the breach actually occurred and how long the material was missing before it was noticed.

In an effort to reassure the public, the hospital has stressed that there is no medical information contained on the disks. This assurance has eased the mind of some people. Much like in the United States, Hong Kong is going through a period of discontentment with plans by many hospitals to shift all medical records to online databases for this exact reason. No word yet on how this breach will affected that ongoing debate. At the same time that they announced the missing disks, the hospital also said that 23 hard copy receipts were missing. These pieces of paper contained names, addresses, identity card numbers, and some medical information about patients. An investigation to find these was also unsuccessful.

While the hospital has exhausted its resources in searching for all this missing data material, it has turned the investigation over to the police and alerted the Office of the Privacy Commissioner for Personal Data. These entities will continue the investigation into the foreseeable future. At the same time, the hospital is reviewing all of its own security and data encryption policies in an effort to prevent any future breaches from happening. Experts expect this review to take some time.

While not yet available in Hong Kong, the ID theft subscription company is attempting to expand its recognition around the world. For a minimal fee, these company maintains contact with all three credit bureaus and alerts customers whenever a new loan application or credit card is filed. It verifies that this information is valid and that no efforts at identity theft are taking place. Lifelock then either lets the bureaus approve or deny the loan, depending on if it actually being initiated by the person whose personal data is being used.

Tags: lifelock, OPCPD, Yan Chai Hospital

This entry was posted on Tuesday, July 15th, 2008 at 3:55 am and is filed under Corporate Breaches, Government Breaches, Individuals. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.