Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Medicine News

Backup Tapes With 2 Million Medical Records Stolen 173

Posted by Soulskill from the doctor-patient-thief-confidentiality dept.
Lucas123 writes "A vehicle used by an off-site archive company to transport patient data was broken into on March 17. The University of Miami just made the theft public last week, saying the thieves removed a transport case carrying the school's six computer backup tapes. On those tapes were more than 2 million medical records. In fact, the archive company waited 48 hours before notifying the university itself. A University spokeswoman said the school has stopped shipping backup tapes off-site for now."
This discussion has been archived. No new comments can be posted.

Backup Tapes With 2 Million Medical Records Stolen More

Backup Tapes With 2 Million Medical Records Stolen

Comments Filter:

  • Hmm. (Score:5, Interesting)

    by Ethanol-fueled ( 1125189 ) * on Saturday April 26, 2008 @02:00AM (#23205748) Homepage Journal
    From TFA:

    After learning about the data breach, the university contacted local computer forensics companies to see if data on a similar set of backup tapes could be accessed. Menendez said security experts at Terremark Worldwide Inc. "tried for days" to decode the data but could not because of proprietary compression and encoding tools used to write data to the storage tapes.

    Proprietary compression and encoding tools? the article reeks of FUD but proprietary technologies still aren't without their faults...but eh, it's not like they used this "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" [wikipedia.org], right?

  • Re:*Still* no encryption?? (Score:5, Interesting)

    by WaltBusterkeys ( 1156557 ) * on Saturday April 26, 2008 @02:50AM (#23205906)

    You can probably Google the file extension or some information in the header to determine the format and/or software.
    Not everything is on Google. If we're talking tapes, we're probably talking old mainframe-level systems. That means the problem might even be at the level of accessing the tape at all. The data coming off the tape is still just a string of ones and zeroes to them.

    This isn't a question where they've got a file sitting on their desktop called "Data.abx" and all they need to do is figure out what program creates an ".abx" file. In all likelihood, there's an old custom or semi-custom mainframe system that wrote this to the tape that didn't format in FAT32. (Nor would it make sense to even both with a filesystem on this type of backup system -- you're not backing up files, you're backing up a database.) From looking at a stream of data dump, there's no way to immediately make sense of it. If there's no file headers, there's not as much of a clue as to where to start. It just looks like an endless string of hex (2 million records is a lot of data).

    Somehow I doubt that this is just an Access file, sorry. Or even a SQL dump. They're not complete idiots.

  • Crooks hoping for physical, got useless tapes (Score:3, Interesting)

    by spineboy ( 22918 ) on Saturday April 26, 2008 @03:47AM (#23206026) Journal
    More often than not, homeless people, and petty crooks just steal AYTHING out of cars hoping to get pennies on the dollar for whatever they stole. A nice looking, shiny case was probably thought to have some nice stuff in it, other than tapes. I bet the tapes are in some sewer drain or dumpster by now, and the case is being pawned for 5 dollars.

  • Tape encryption is avaliable for all, use it. (Score:2, Interesting)

    by vallef ( 955213 ) on Saturday April 26, 2008 @04:41AM (#23206126)
    Hopefully people will use tape encryption now, it's been available for years. As I am afraid that tape is still the most efficient for moving large amounts of data. Also the tape encryption is uses very strong algorithms e.g. AES-256 etc.

    Some vendors like Sun and IBM give the key management stations away for free if you use encryption. People just do not understand how hi-tech tape is nowadays. Everyones perception of tape is old DAT, people need to look at Sun T10000, IBM TSxxxx or LT04. If you are archiving data for a long time there is no other ecological option than tape. It's longevity (of the quality products) has been proven over the last 20yrs. Tape is not that interesting, but it is like brushing you teeth, you know it is a good thing for the long run.

  • TFA does NOT say they were encrypted (Score:3, Interesting)

    by Skapare ( 16644 ) on Saturday April 26, 2008 @04:50AM (#23206142) Homepage

    There's nothing in the article that says they were encrypted. They were compressed and some kind of encoding was involved. But encoding could be any number of things, and quite possibly the coding used by medical records systems to compact common terms to numbers. It could be hard to make use of the data. But if it was an "inside job", or the perps can get the software used on this, it can be cracked easily. This is not strong encryption.

Slashdot Top Deals

"Experience has proved that some people indeed know everything." -- Russell Baker

Close