Lost Hard Drive = Learning Opportunity

Mar 2011

Posted by Chris Whitside

It’s so sad when a child is lost to disease or accident. It can take a long time for parents to recover from such a tragedy. So, it is even sadder when they later get a phone call reminding them of their loss, “Uh, hello, I’m calling from Misericordia Hospital. Sorry, but we lost a portable hard drive that contains pictures and other health information about your dead child.”

Bereaved families and patients were among 233 people alerted that their information was missing. Two surgery videos and 3,600 photos of wounds, lab specimens and the pictures of dead infants, all labelled with patients' names, went missing from the Misericordia Hospital in Edmonton. They were stored on an unencrypted portable hard drive lost during an office move in January this year.

The 306-bed acute care facility is operated by Covenant Health System. Covenant, in turn, is a member of the US-based St. Joseph Health System, a successful not-for-profit health system. According to Covenant, encryption of all data is policy but, in this case, a staff member neglected to follow that policy.

So, what we have here, I suppose, is a sad but useful learning opportunity. Let’s look at the costs that any organization like Covenant might expect for trusting in policy alone to protect the private information entrusted to them:

  • Emotional pain caused to innocent victims of lost information
  • Litigation threat from emotional pain caused
  • Litigation threat if identities are found to be stolen and used
  • Staff time lost searching for missing hard drive
  • Embarrassment and damage to professional image of organization
  • Time and costs of dealing with remedial measures
  • Costs of implementing new security that should have been in place the first time
  • Fines and legal costs for breaking privacy laws in certain jurisdictions
  • Second tier costs yet to be discovered

Now, let’s look at the costs of the portable hard drive backup system. At $50-$100 each, portable hard drives probably seemed like an inexpensive and simple solution. Oops, wait a minute, we had better add a little more to cover the admin costs of maintaining those drives and purchasing new ones every few years. And add a little more to cover the cost of encryption software that our policy demands. And we should probably add more to cover staff time to ensure backups are done regularly. Hmm, and I wonder what we will need to spend to ensure those drives are stored securely offsite.

Well, maybe those costs are okay as long as the backups are secure. Too bad that encryption and disciplined backups are such a pain for staff – sometimes they just forget about it. If only there were a simple, automated way to back up private information with bullet-proof encryption – a way for us to adhere to policy that would save us from all the headaches and hidden costs.

OK, does anyone have any ideas?

To read the original article from the Edmonton Journal, please click here.
