Iowa DHS discloses that backup tape with PHI of former patients at Mental Health Institute and state employees is missing

Rod Boshart reports:

Iowa Department of Human Services officials issued an alert Wednesday to former patients at the Mental Health Institute in Independence and hundreds of state employees there and at other state facilities concerning a possible breach of their confidential information.

Officials say the information was stored on a backup computer tape that went missing April 30 cannot be located. A search for the tape continues at the Independence facility, DHS spokesman Roger Munns said in a news release, and officials believe it is likely that the tape was inadvertently destroyed or discarded. Access to information on the tape requires specialized and outdated equipment.

 Read more on WCF Courier.  This breach represents a useful example of what happens if you fail to purge old, historical data:

The historical data had not been purged from the computer system and continued to be backed up on a monthly basis, Dave said. He noted that the computer system requires the use of specialized equipment that is no longer serviced by the manufacturer, and that the backup system has been changed to eliminate the unnecessary retention of personally identifiable information.

So… wasn’t any of this considered or discussed when the agency conducted its risk assessment?

About the author: Dissent

Comments are closed.