Backup Tapes With 2 Million Medical Records Stolen

Soulskill posted more than 5 years ago | from the doctor-patient-thief-confidentiality dept.

Security 173

Lucas123 writes "A vehicle used by an off-site archive company to transport patient data was broken into on March 17. The University of Miami just made the theft public last week, saying the thieves removed a transport case carrying the school's six computer backup tapes. On those tapes were more than 2 million medical records. In fact, the archive company waited 48 hours before notifying the university itself. A University spokeswoman said the school has stopped shipping backup tapes off-site for now."

Easy case (2, Funny)

plover (150551) | more than 5 years ago | (#23205742)

This case should be pretty simple to solve. Just track down whoever buys a 9-track tape reader off eBay in the next month and nail him to the wall.

yes but what's the value (0)

goombah99 (560566) | more than 5 years ago | (#23205796)

Why would someone steal the tapes? What is their value?

Re:yes but what's the value (0)

Z00L00K (682162) | more than 5 years ago | (#23205804)

As usual - computers will be of value for anyone needing money for drugs. To a drug-addict that means that tapes must have some value too.

Re:yes but what's the value (0)

Anonymous Coward | more than 5 years ago | (#23206108)

LOL it's a very geeky drug addict the one that is able to turn a profit from stealing computer tapes. If he knows what they are, he knows they are next to worthless, if he doesn't know what they are, he's a crazy bum whose survival in the street is a miracle: who is going to give him money for random "garbage".

The key is obviously in the content of the tape.
There are too many precedents.

Re:yes but what's the value (3, Informative)

Jhon (241832) | more than 5 years ago | (#23205806)

Why would someone steal the tapes? What is their value?


What would YOU pay for 2 million social security numbers?

Re:yes but what's the value (1)

Safiire Arrowny (596720) | more than 5 years ago | (#23205820)

I wouldn't.

Re:yes but what's the value (1, Insightful)

Anonymous Coward | more than 5 years ago | (#23206130)

I wouldn't buy a stolen rolex for 30$ either, therefore no stolen rolex is ever resold.
Awful logic isn't that?

The correct question is: how much would you pay for 2M medical records if you were in the insurance business?

Re:yes but what's the value (5, Informative)

WaltBusterkeys (1156557) | more than 5 years ago | (#23205818)

Why would someone steal the tapes? What is their value?
From TFA: The stolen backup tapes hold names, addresses, Social Security numbers and health information

On the black market these days, a full identity (name, SSN, address, bank information, etc) can go for $14 each [washingtonpost.com] . If the tapes had full identities, that's 2 million x $14 = $28 million payday for a bunch of crooks. Even assume a "volume discount" for these guys and they're still in the many million dollar range. Even if it's just name, address, and SSN there's some value on the black market for these tapes.

When you're breaking into a vehicle filled with stuff that looks like computer equipment, it's hard to know whether the data is going to be social security numbers (valuable), credit card numbers (valuable), medical records (valuable if there's addresses and SSNs), or routine corporate records (not all that valuable). Enough data brokers [reputation...erblog.com] are sloppy enough with their security that there's a good chance to get some identity information that has value.

These guys were either extremely lucky or knew exactly what they were doing. Or they're complete idiots who are wondering why these tapes won't play on their 8-track player.

Re:yes but what's the value (2, Informative)

Digestromath (1190577) | more than 5 years ago | (#23205868)

Not to mention there is also the potential for blackmail. If anyone on the tapes has a serious, publicly undisclosed, and socially stigmatic medical condition it's ripe.

For example: A lot of people don't want to publicly share that they have STDs etc. Especially not if the files are cross linked with a list of their sexual partners.

While sale for identity fraud would most likely be the most profitable, there are alternative uses for this data. Given the enterprising nature of most criminals, this is a gold mine.

Re:yes but what's the value (1)

eldorel (828471) | more than 5 years ago | (#23206332)

The exact same thing happened at Louisiana State University in Sept. of last year.
That time it was the FAFSA records for the entire school.

I'm actually starting to get a little bit suspicious that there is a pattern forming.

I started to try and compile a listing of backups, laptops, USB keys and hard drives stolen from universities, but the listing quickly grew beyond what I would like to post on slashdot.

Instead, I'll just post a site that has most of them listed already. Just do a search for the word UNIVERSITY.

http://attrition.org/dataloss/

Re:yes but what's the value (0)

Anonymous Coward | more than 5 years ago | (#23205952)

from TFA: They are encrypted

TFA does NOT say they were encrypted (2, Interesting)

Skapare (16644) | more than 5 years ago | (#23206142)

There's nothing in the article that says they were encrypted. They were compressed and some kind of encoding was involved. But encoding could be any number of things, and quite possibly the coding used by medical records systems to compact common terms to numbers. It could be hard to make use of the data. But if it was an "inside job", or the perps can get the software used on this, it can be cracked easily. This is not strong encryption.

Re:TFA does NOT say they were encrypted (1)

Mysticalfruit (533341) | more than 5 years ago | (#23206434)

Let the fuckers steal our backup tapes... good luck it's encrypted with AES256... that should keep them busy for a couple billion years.
And yes, we do recall random tapes to ensure that we can restore from the encrypted volumes.

In this day and age of "Information Warfare" you should consider every system for moving data vulnerable and take measures to ensure that attempting to steal that data would be more work than what it's worth.

Re:TFA does NOT say they were encrypted (2, Insightful)

frdmfghtr (603968) | more than 5 years ago | (#23206672)

In this day and age of "Information Warfare" you should consider every system for moving data vulnerable and take measures to ensure that attempting to steal that data would be more work than what it's worth.
In the case of physically moving backup high-value drives/tapes to off-site storage, that would mean an armored courier. That data is money to somebody, so protect it like money. Sure it's more expensive than the local Speedy Messenger cargo van, but so is losing control of the data.

Re:yes but what's the value (0)

Anonymous Coward | more than 5 years ago | (#23206374)

Doubtful it's worth that much. Usually bulk items like this go for much-much less because it was stolen all at once. I bet someone could get hold of the whole thing for $5k or so (maybe even less).

Doesn't modern tape backup software encrypt data? (2, Insightful)

Futurepower(R) (558542) | more than 5 years ago | (#23206466)

"On the black market these days, a full identity (name, SSN, address, bank information, etc) can go for $14 each."

Good answer. Next question: Doesn't all modern tape backup software encrypt all data?

Even my personal DVD backups are encrypted automatically.

Re:Doesn't modern tape backup software encrypt dat (1)

drinkypoo (153816) | more than 5 years ago | (#23206638)

Good answer. Next question: Doesn't all modern tape backup software encrypt all data?
  1. Define "Modern"
  2. No

HTH, HAND :)

Seriously though, there's overhead and hassle involved with encrypted backups. The value of a backup is greatly diminished if you can't restore it.

Re:yes but what's the value (0)

Anonymous Coward | more than 5 years ago | (#23206536)

Or they're complete idiots who are wondering why these tapes won't play on their 8-track player.


If they are wondering why a 9-track tape [wikipedia.org] won't play on an 8-track player, [wikipedia.org] they are complete idiots for other reasons. A 9-track tape drive might be the "proprietary compression and encoding tools" described in the article.

Re:yes but what's the value (1)

BoRegardless (721219) | more than 5 years ago | (#23206836)

Well after the "complete idiots" who stole the tapes read Slashdot, they now know they hit the jackpot.

Gotta be a lot of retired mainframe guys around who would "do a consulting job".

Re:yes but what's the value (1)

pclminion (145572) | more than 5 years ago | (#23205888)

Among things mentioned by others, it enables you to blackmail people who have sensitive medical conditions they don't want the whole world knowing about.

Crooks hoping for physical, got useless tapes (2, Interesting)

spineboy (22918) | more than 5 years ago | (#23206026)

More often than not, homeless people, and petty crooks just steal ANYTHING out of cars hoping to get pennies on the dollar for whatever they stole. A nice looking, shiny case was probably thought to have some nice stuff in it, other than tapes. I bet the tapes are in some sewer drain or dumpster by now, and the case is being pawned for 5 dollars.

Didn't mean to imply all homeless steal (0, Flamebait)

spineboy (22918) | more than 5 years ago | (#23206032)

Just stating that some people, desperate for cash, might steal anything. Obviously there are plenty of homeless who are law abiding citizens, just down on their luck.

Re:Didn't mean to imply all homeless steal (0)

Anonymous Coward | more than 5 years ago | (#23206214)

Just stating that some people, desperate for cash, might steal anything.
That's human nature and certainly not limited to folks who are unlawful by nature. Extreme poverty does strange things to one's mental psyche.

Obviously there are plenty of homeless who are law abiding citizens, just down on their luck.
Been there done that, I got a 6 figure job out of a homeless shelter after an extremely bad run of luck and poor decisions on my part.

Many homeless people are evil, but not all.

Hmm. (4, Interesting)

Ethanol-fueled (1125189) | more than 5 years ago | (#23205748)

From TFA:

After learning about the data breach, the university contacted local computer forensics companies to see if data on a similar set of backup tapes could be accessed. Menendez said security experts at Terremark Worldwide Inc. "tried for days" to decode the data but could not because of proprietary compression and encoding tools used to write data to the storage tapes.

Proprietary compression and encoding tools? The article reeks of FUD but proprietary technologies still aren't without their faults...but eh, it's not like they used this "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" [wikipedia.org] , right?

Re:Hmm. (5, Funny)

Anonymous Coward | more than 5 years ago | (#23205768)

When questioned further, Terremark employees answered, "what's EBCDIC?"

Re:Hmm. (1)

cobaltnova (1188515) | more than 5 years ago | (#23205808)

Proprietary compressions and encodings: the poor man's encryption... Except that it costs a buttload

Re:Hmm. (1)

DigitAl56K (805623) | more than 5 years ago | (#23205896)

Encryption is never mentioned, and I believe if there had been any encryption that it certainly would have been, and that they would not even bother having someone try to decode data on a similar tape.

Re:Hmm. (1)

cobaltnova (1188515) | more than 5 years ago | (#23206620)

Exactly. Had proper protocols been followed, the data would have been encrypted, and this would not have been a story.

Instead, they are checking if their encoding could be reversed, and thousands of patients' information has been put at risk.

My new data security plan. (2, Insightful)

Digestromath (1190577) | more than 5 years ago | (#23205910)

Physical Security: Lock the damn doors to the van when you leave it parked outside the Cheesy Burger.

Multi key, multi volume encryption: Lock each of the tapes in a different cabinet in the van, each with a different key.

Security through obscurity: Remove large sign on van reading "Secure Data Transport, 'Transporting your valuable data since 1991'" replace with "Flowers By Irene"

Introduce comprehensive staff security training: Hold their families hostage, and tell them that if they lose the data...

Re:My new data security plan. (1)

bev_tech_rob (313485) | more than 5 years ago | (#23206330)

You're joking, right? These couriers probably visit over 100 different businesses each day loading up with boxes of tapes and printouts for storage and/or destruction. You can't possibly think that the courier's driver, being paid a little over minimum wage, is going to take the time to sort out tapes and put them in different bins. They grab the boxes, throw them in the back of the van and move on to their next stop.

The customer of said courier needs to make sure that sufficient encryption is in place on their tapes in case of loss or theft.

*Still* no encryption?? (4, Insightful)

DigitAl56K (805623) | more than 5 years ago | (#23205816)

There needs to be a law regarding data encryption. Virtually every time data is stolen, be it on CDs, laptops, backup tapes, missing hard drives, and so forth, it is not encrypted. In fact, I can think of only one case that has made press in the last 4-5 years that I can remember encryption being used to safeguard the data.

Transporting confidential data off-site via any medium, including the Internet, without industry-recognized encryption (not something that is proprietary and untested) ought to be a criminal offense with severe penalties.

TFA talks about proprietary compression and encoding and not about encryption. I simply do not believe that it is difficult to recover that data - whatever proprietary software wrote those files can be obtained from somewhere for a price. You can probably Google the file extension or some information in the header to determine the format and/or software.

"The university feels confident that the person who took [the tapes] doesn't know what they have."
They do now!

"Even though I am confident that our patients' data is safe, we felt that in the best interest of the physician-patient relationship we should be transparent in this matter."
That data is not safe. At best it is in an obscure, but not secure format.

It's incredible, really. Since TrueCrypt 5.0 arrived, I don't even carry my work laptop or flash drives around without either full disk encryption or encrypted container files on them, and they do not contain anything as sensitive as 2 million medical records.
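
Added example, not part of any comment in this thread: a pre-shipment check for the distinction argued above between an obscure format and an encrypted one. It assumes a zlib-compressed EBCDIC (cp037) dump as the "proprietary" format and uses random bytes as a stand-in for ciphertext; the records, function names and format choice are all constructed for illustration.

```python
import bz2
import gzip
import lzma
import math
import os
import re
import zlib
from collections import Counter

# US Social Security number layout, the identifier named in the article.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Keyless transforms to try. Anyone can apply these; none needs a secret.
DECOMPRESSORS = {
    "raw": lambda b: b,
    "zlib": zlib.decompress,
    "gzip": gzip.decompress,
    "bz2": bz2.decompress,
    "lzma": lzma.decompress,
}
TEXT_CODECS = ("ascii", "cp037")  # cp037 is a common EBCDIC code page


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def audit_backup(blob: bytes) -> dict:
    """Try every keyless decompressor/codec pair and count SSN-shaped strings."""
    findings = []
    for comp_name, decompress in DECOMPRESSORS.items():
        try:
            payload = decompress(blob)
        except Exception:  # each library raises its own error type on bad input
            continue
        for codec in TEXT_CODECS:
            try:
                text = payload.decode(codec)
            except UnicodeDecodeError:
                continue
            hits = len(SSN_RE.findall(text))
            if hits:
                findings.append((comp_name, codec, hits))
    return {
        "entropy_bits_per_byte": round(shannon_entropy(blob), 2),
        "recoverable_without_key": bool(findings),
        "findings": findings,
    }


def make_sample_records(count: int = 200) -> str:
    """Constructed, fictional records; no real patient data."""
    return "\n".join(
        f"PATIENT{i:04d}|DOE, JANE|{100 + i:03d}-45-{6000 + i:04d}|DX 250.00"
        for i in range(count)
    )


# Constructed inputs for the demonstration.
RECORDS = make_sample_records()
ENCODED_BLOB = zlib.compress(RECORDS.encode("cp037"))  # "compressed and encoded"
CIPHERTEXT_STANDIN = os.urandom(4096)  # stand-in: good ciphertext looks random

if __name__ == "__main__":
    for label, blob in (("encoded", ENCODED_BLOB),
                        ("encrypted", CIPHERTEXT_STANDIN)):
        print(label, audit_backup(blob))
```

Compressed data can score nearly as high on entropy as ciphertext, which is why the check attempts the keyless decode rather than relying on the entropy figure.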

Re:*Still* no encryption?? (4, Interesting)

WaltBusterkeys (1156557) | more than 5 years ago | (#23205906)

You can probably Google the file extension or some information in the header to determine the format and/or software.
Not everything is on Google. If we're talking tapes, we're probably talking old mainframe-level systems. That means the problem might even be at the level of accessing the tape at all. The data coming off the tape is still just a string of ones and zeroes to them.

This isn't a question where they've got a file sitting on their desktop called "Data.abx" and all they need to do is figure out what program creates an ".abx" file. In all likelihood, there's an old custom or semi-custom mainframe system that wrote this to the tape that didn't format in FAT32. (Nor would it make sense to even bother with a filesystem on this type of backup system -- you're not backing up files, you're backing up a database.) From looking at a stream of data dump, there's no way to immediately make sense of it. If there's no file headers, there's not as much of a clue as to where to start. It just looks like an endless string of hex (2 million records is a lot of data).

Somehow I doubt that this is just an Access file, sorry. Or even a SQL dump. They're not complete idiots.

Re:*Still* no encryption?? (1)

DigitAl56K (805623) | more than 5 years ago | (#23205938)

If we're talking tapes, we're probably talking old mainframe-level systems.
That's a bit of a supposition. How long has it been since tape drives hit the mainstream for large backups on cheap media? A really long time!

Why would you still use antiquated mainframes for your backups, particularly if it's 2 million records? If something happened at your site you'd need a similarly antiquated mainframe just to get your data back. That makes very little sense.

Re:*Still* no encryption?? (4, Informative)

jimicus (737525) | more than 5 years ago | (#23206202)

Why would you still use antiquated mainframes for your backups, particularly if it's 2 million records? If something happened at your site you'd need a similarly antiquated mainframe just to get your data back. That makes very little sense.
Three reasons:

1. It works.

2. IBM (assuming they are using IBM kit) mainframes are still being built today, and while they're totally different internally to the systems of 30 years ago, they're still compatible.

3. This is what companies like SunGard and IBM (yes, they have a DR consultancy team) specialise in. You tell them what equipment you'll need in a disaster recovery scenario, they agree to loan it to you. In which case, who cares how old the system is?

Re:*Still* no encryption?? (1)

jabuzz (182671) | more than 5 years ago | (#23206456)

Assuming it is an IBM mainframe, it will be LTO or 3952, anything else and it might also be a DLT/SDLT variant. The market is rapidly converging on LTO, and the latest iteration LTO4 offers on drive encryption of your data. As has any decent enterprise backup software for like a decade.

Nobody uses 9" reel-to-reel tapes these days.

Re:*Still* no encryption?? (2, Informative)

Xtravar (725372) | more than 5 years ago | (#23205970)

Somehow I doubt that this is just an Access file, sorry. Or even a SQL dump. They're not complete idiots.
Chances are, since it's a health system, it probably uses a post-relational database, typically of this variety: http://en.wikipedia.org/wiki/MUMPS [wikipedia.org]

Which means the file format could be anything...

I'm just glad they're not our customer. 8-)

Re:*Still* no encryption?? (1)

gedhrel (241953) | more than 5 years ago | (#23206072)

If they're shipping tapes regularly offsite to external storage, those aren't old reel-to-reel tapes, which is what you appear to have in mind.

LTO4 includes on-tape encryption as part of the spec.

These'll be modern tapes (which are still very much in use).

Re:*Still* no encryption?? (1)

stephanruby (542433) | more than 5 years ago | (#23206154)

Not everything is on Google. If we're talking tapes, we're probably talking old mainframe-level systems. That means the problem might even be at the level of accessing the tape at all. The data coming off the tape is still just a string of ones and zeroes to them.
Actually, this is not rocket science.

You could hook up/jerry rig any tape player that's remotely close to the backup tape in question, in terms of size and reading area of the magnetic head (the magnetic head could be bigger too), the rotation speed of the tape wouldn't matter either (it would be corrected for after the fact). The tape player would need a serial output, a headphone jack or a USB jack would work (although, for the USB connection you'd need to google for instructions to select the right pins to insert into the right holes of your serial input port).

Now if you were to hook up this tape player to a speaker, and could slow down the speed of the tape slow enough, this series of ones and zeros would start sounding like an audible pulse.

But you wouldn't need to go that far. On a Windows PC, you have HyperTerminal. On a Mac, you have Zterm. On the unix flavors, you have something else (I forget what it's called, but a scripting language should be able to do the trick for you if you just listen to the right device on the right port with the right library). With your terminal software, you will be able to tune it to the right data rate (the data rate is essentially the same thing as the timing of each pulse).

Then don't be surprised if you get to see a big dump of ASCII text right in your terminal window. Also, if you examine the first bytes that come your way, don't be surprised if the parent poster was right about the header information. In the vast majority of cases, it will give you the right header information right off the bat.

However if you still only see non-ASCII gibberish on your terminal window, it will mean it's still in binary format, and the header information doesn't pan out (which will only happen a minority of the time). Then there is always Wireshark (formerly Ethereal), that you can always google around for some screencasts on learning how to use it (youtube should have something too). Wireshark will be able to infer a lot. And unless the data backup was encrypted (which is technically what they were supposed to do) then Wireshark should be able to read some of that data successfully.

Re:*Still* no encryption?? (1)

stephanruby (542433) | more than 5 years ago | (#23206186)

LTO4 includes on-tape encryption as part of the spec. These'll be modern tapes (which are still very much in use).
Forget my previous post, if this university was located in my jurisdiction, it may not even be legally required to notify anyone about its loss (although, I couldn't be sure about that since I do not work in a Medical field). So please, someone chime in if you know about that.

Re:*Still* no encryption?? (2, Insightful)

filthpickle (1199927) | more than 5 years ago | (#23206960)

I work for an insurance claims clearinghouse. The company I work for takes the HIPAA laws very seriously. One big mix up with patient data and no matter how good you are nobody will want to use you.

2 million lost records is a lot, so just about any company would be compelled to own up to it...and they really aren't at risk here since they didn't knowingly or recklessly (geek level arguments about data transport aside) release the data.

Since they didn't technically violate any HIPAA laws, I don't think that they are required to report it to anyone. You can check for yourself http://www.hhs.gov/ocr/hipaa/ [hhs.gov]

I can also tell you that by their own admission, HIPAA enforcement is complaint driven, they don't do anything until someone informs them of a violation.

Re:*Still* no encryption?? (1)

asc99c (938635) | more than 5 years ago | (#23206160)

Lots of new mainframe level systems still use tapes. Many customers prefer tape drives for backup of any sensitive data - it means that you don't have to put the systems on the open internet to get offsite backups done. While tapes aren't the most robust medium for constant access, it's a very good format to write to and throw into a store room for backups.

Remember also hardware-wise, tape is still a pretty interesting format. LTO [wikipedia.org] currently uses 800GB tapes with 1.6 and 3.2 TB versions planned. The 120MB/sec transfer rate is much quicker than network backups. It's also much quicker than backups to CDs/DVDs and even matches the speed of top-end hard discs.

I'd hope it's not an Access file, but my guess is that it quite possibly is a database dump from something like SQL Server / Oracle / Informix.

Re:*Still* no encryption?? (1)

mwvdlee (775178) | more than 5 years ago | (#23206424)

If we're talking tapes, we're probably talking old mainframe-level systems.

Tapes are still the norm for large-scale backup.
Unless you still consider GB-sized files to be "large" of course, in which case other technology might suffice.

Re:*Still* no encryption?? (2, Funny)

urcreepyneighbor (1171755) | more than 5 years ago | (#23206426)

They're not complete idiots.
Famous last words. :)

Always assume the person is a complete idiot, unless proven otherwise.

Re:*Still* no encryption?? (1)

Chris Mattern (191822) | more than 5 years ago | (#23206696)

They're not complete idiots.


We believe they may be lacking some critical parts.

Re:*Still* no encryption?? (0)

Anonymous Coward | more than 5 years ago | (#23206852)

If we're talking tapes, we're probably talking old mainframe-level systems.

Really? How else do you back up your windows servers? Burn to DVD? Haha.

My company has a number of LTO-4 tape drives - they hold 800 gigabytes (uncompressed) and are faster than most hard disks. They also support native AES encryption.

Re:*Still* no encryption?? (1)

apathy maybe (922212) | more than 5 years ago | (#23206102)

I knew that I would see a post saying something like this.

Yes encryption is a great thing and should be used all the time, especially on laptops. Well actually, there is one time when it *shouldn't* be used (or at least, not automatically). Want to know when that is?

For backups. Want to know the easiest way to render your carefully planned backup system useless? Forget the password for the system and not have another way in.

Oh sure, they could just write down the password (which is a good option often), but the point is, that encryption should not be automatic when making backups.

Otherwise yes, you have a point. Transferring data offsite should be encrypted. Physical security is good too, and in this case would have been more important.

Re:*Still* no encryption?? (2, Insightful)

jimicus (737525) | more than 5 years ago | (#23206224)

I knew that I would see a post saying something like this.

Yes encryption is a great thing and should be used all the time, especially on laptops. Well actually, there is one time when it *shouldn't* be used (or at least, not automatically). Want to know when that is?

For backups.
THANK YOU. I'm glad I'm not the only person who thinks this.

The backup software I use (http://www.bacula.org - a fantastic piece of work) does have the facility to encrypt everything.

But I've considered the risk to the business in the event of tape loss versus the risk to the business in the event that we can't decrypt the data because for whatever reason the office has burnt to the ground and the offsite copies of the keys aren't recoverable.

I concluded that if it's a choice between explaining a lost tape and explaining the fact that I have the tape but the sun will have burnt itself into nothing before anyone can read it, "oops, I lost the tape" was easier to explain and rather less likely to result in the business going to the wall.

You keep your backups safe - why not your keys? (1)

Animaether (411575) | more than 5 years ago | (#23206372)

Anybody who uses encryption wisely knows that they should guard the key with their life (not literally), not just from being stolen but also from being -lost-. That typically includes keeping a second set of the keys (protection against loss; unless both sites are hit at the same time) somewhere only you know about (protection from targeted theft) in a way that makes it nigh impossible to determine what they're for (protection from random theft); or just useless once realized they're compromised (change the keys, change the location, move on).

Encryption is pointless if the key itself is stored with the encrypted content (as various media protections show), and dangerous if the key can be 'lost'.

Re:You keep your backups safe - why not your keys? (1)

zippthorne (748122) | more than 5 years ago | (#23206868)

Photometer data, seismic measurements, tide levels, temperature logs, astronomical images, ephemeris data, past lotto numbers, emergency procedures, core sample measurements, and many others are all examples of things that shouldn't be encrypted. (and should probably be stored in plain ASCII delimited lists, uncompressed as well, if possible)

Identifying information about real people does not fall on that list. It's not really *your* information to lose. It is far better that you should forget a key and have to put out a call for patients to be reexamined to rebuild the database (or in many cases simply do without information you cannot re-acquire) than to betray patients who trusted you with personal information.

Re:*Still* no encryption?? (1)

ErroneousBee (611028) | more than 5 years ago | (#23206394)

Do you inform your customers that their data is shipped to remote sites unencrypted?

Yes, failure to restore due to password loss is a risk, but then so is data escape.

Having identified the password issue, you need to have a scheme to protect against password loss, particularly long-term backups. Just not encrypting replaces one problem with another.

Re:*Still* no encryption?? (1)

Chris Mattern (191822) | more than 5 years ago | (#23206714)

You have a very good point. I would say that backups that stay in the data center and are just shelved back in your tape vault should *not* be encrypted. Backups that go outside the high-security area of your data center or pass into the hands of people who shouldn't be reading them (and your off-site storage people may be trusted to hold your backups, but they still have no business reading them) need to be encrypted.

Re:*Still* no encryption?? (1)

jabuzz (182671) | more than 5 years ago | (#23206444)

I would add to this that every enterprise backup system that I know of has had the ability to encrypt the backup for ages. It's number six on the Tao of Backup, and that is 11 years old.

If the contents of your tapes are encrypted it matters not if they go missing.

Re:*Still* no encryption?? (0)

Anonymous Coward | more than 5 years ago | (#23206518)

I bet many of the companies just don't report loss of encrypted data in the first place (it was encrypted so they can't recover). That's actually worse in some ways since we can't tell if they used a good password or not. Better than not reporting non encrypted data, of course.

I guess there should be a rule like "you can not publicly report the loss iff your data was encrypted according to NIST standards and as long as you privately report". The small loss of security would be worth the vast gain.

Relative Risk (1)

PIPBoy3000 (619296) | more than 5 years ago | (#23206668)

I work for a health care organization. We ship our backups off-site just like these guys. When it comes to encrypting hard drives, what you say makes sense. When it comes to backup tapes, it's not going to happen. The main reason is that encryption is slow. If I have to restore 500 GB of data and decrypt it, suddenly you're telling physicians that they can't get to the patient information they need to treat the patient even later than before. If someone loses the encryption keys, the information patients need to stay alive is simply gone forever.

I think it's important to safeguard information. At the same time, I see these sort of cases sensationalized and lawyers demand decisions that are incredibly stupid. We don't save e-mail past a year any more because of legal issues. This means that I can't solve issues or know what was going on unless I take cumbersome actions to save data off somewhere (made deliberately difficult). What you're suggesting is that lawyers should run even more of our business.

Re:Relative Risk (2, Insightful)

ColdWetDog (752185) | more than 5 years ago | (#23206790)

Bah, I would disagree. And IAAP (I am a physician) - who has worked in IS intermittently for decades.

First, if you're recovering from an off site backup tape, something went down and it's going to take a while to get it running again. Decrypting can't add much more than 20 - 30% (number pulled from appropriate nether region) to the time. If it does you need to upgrade those C-64's you're using in the server room.

Second, if the data is bulk stuff going off site, it's obviously not a primary rapid-response data restore. It's likely historical and most likely business data with very little clinical information. Probably just ICD9 / CPT codes (diagnosis and procedure codes, look it up only if you're very, very bored).

And thirdly, if your docs are so addicted to the computers that they're going to kill people without them, they should start rethinking their approach to medicine. That sort of historical data just isn't that important. We've treated people for centuries without computers. Having all that clinical information at your fingertips is great, wonderful and certainly to be encouraged, but lack of it isn't life threatening.

Having Google go down on the other hand ....

Re:Relative Risk (1)

Captain Segfault (686912) | more than 5 years ago | (#23206930)

Two issues: firstly, how often are you actually restoring from tape? Decryption isn't slow compared to physically getting the tape from offsite. If someone loses the tape that same information is gone forever, too. And, in any event, I work (ob plug) on a hardware tape encryption product [decru.com] that solves all these problems.

In many cases the law does the right not-heavy-handed thing here -- if you lose tapes with my info on it you get a scandal. If you lose tapes with my encrypted data on it you haven't leaked any information at all, and don't even need to report it.

Re:*Still* no encryption?? (1)

The Second Horseman (121958) | more than 5 years ago | (#23206914)

Ok, so, let's say you've got a regulatory requirement to keep certain records for a long time (medical records are a good example of this). And you've got to guarantee that you can recover them no matter what. Even if the hospital is reduced to a smoking crater, or the actual company that made the backup software (or encryption software) went out of business 20 years ago. You could have a problem with conflicting regulations. You also have to factor in everything that could go wrong with the encryption system (either hardware or software based) as part of your disaster recovery plan. That's fine in the short term, but ten years out, 20 years out, that's difficult. I'm not saying they shouldn't try, I'm just saying (having had to even worry about this a little, as well as talking to folks who have worked in healthcare) that it's not always as easy as you'd think, due to technical, budget and regulatory reasons. One way around this, of course, is to treat archiving / records retention as a different problem than backups / disaster recovery (which it is) and make sure you're using the right tool for the job. A lot of legacy systems make that split more difficult. Laptops, I agree, there's not really an excuse.

Didn't know ... (1)

Rhabarber (1020311) | more than 5 years ago | (#23205826)

The university feels confident that the person who took [the tapes] doesn't know what they have....

Ah, and how exactly does it make sense that you just told the world? (Not that I did believe you in the first place.)

$ 100,000.000 (1)

Rhabarber (1020311) | more than 5 years ago | (#23205852)

Not to mention the fact that those records might be worth more than $100,000,000 on the black market.

Re:$ 100,000.000 (1)

Rhabarber (1020311) | more than 5 years ago | (#23205866)

And again /. ate my reference [businessweek.com]. I know that is why they invented the preview button.

Re:$ 100,000.000 (1)

maxume (22995) | more than 5 years ago | (#23206588)

If some joker tried to sell $100 million of stolen information to someone with the resources to buy $100 million of stolen information, they would end up dead, not rich.

Hell, the very availability of that much stolen information would destroy its value.

Re:Didn't know ... (1)

owlstead (636356) | more than 5 years ago | (#23206362)

Well, now they do...

Why-O-Why? (1)

BlackHole Basement (1277844) | more than 5 years ago | (#23205840)

Can these hospitals not be able to use armored vehicle services, such as Brinks, to take these tapes to a bank with safety deposit boxes?????
What would be so hard to set something up like that for any of the state's VIP information storing?
I'm getting a little sick and tired of the lowest guy/girl on the totem pole who is in charge of delivering off site critical information and losing it. Ok, I'm done!

Re:Why-O-Why? (1)

DigitAl56K (805623) | more than 5 years ago | (#23205858)

All they need to do is create a TrueCrypt container or the like and write the data to be backed up into it before copying it to the archival medium. Then you don't need an armored vehicle, or even a stun gun. You could literally walk down the street with a disk in your hand inviting people to steal it, because it wouldn't matter at that point - the data is secured to such a degree that it is questionable whether even the government could access it. Of course, you wouldn't handle the archive that way regardless, but I would not care so much if a disk containing my details was lost if it was encrypted with AES/256-bit key and upon investigation a reputable agency (i.e. the FBI) released a statement saying that the passphrase met certain standards for data security.

Re:Why-O-Why? (1)

BlackHole Basement (1277844) | more than 5 years ago | (#23205928)

All they need to do is create a TrueCrypt container or the like and write the data to be backed up into it before copying it to the archival medium. Then you don't need an armored vehicle, or even a stun gun.


That's just it. It's becoming very mind numbing knowing that, to this day, after several "oooopppssss", this is still happening with hardly any use of encryption, especially at the health care level. I really am wondering why there are not any protocols set up with use of encryption in mind?

If encryption protocol is too complex, then why not use armored vehicles during their normal money pickups and drop them off into the company's safety deposit box within the bank?
Information is just wayyyyy too valuable to leave on the seat of any car.... IMO.

Re:Why-O-Why? (1)

zippthorne (748122) | more than 5 years ago | (#23206658)

I imagine the armored car companies refuse to transport them: the tapes are considerably more valuable per volume than anything else in the truck, and may be more valuable than the entire truck (if it's transporting mixed bills, for instance)

It might be that the armored car companies don't want to increase the profile of their trucks that much. The security is designed to make attacks more costly than the contents, which is defeated by transporting things of too significant a value.

Re:Why-O-Why? (1)

zippthorne (748122) | more than 5 years ago | (#23206678)

It's a tape backup. They don't even need truecrypt. They could just pipe it through openssl.

Re:Why-O-Why? (0)

Anonymous Coward | more than 5 years ago | (#23205874)

I'm getting a little sick and tired of the lowest guy/girl on the totem pole who is in charge of delivering off site critical information and losing it. Ok, I'm done!

The reason it keeps happening is because of a scheme where a higher-up appoints a minion to move sensitive data, then arranges for it to be stolen and sold off to identity theft rings. It looks like an accident, the unfortunate delivery boy gets canned, the higher-up gets an official slap on the wrist, and collects a smooth several hundred $K on the identity black market. Don't ask how I know.

Re:Why-O-Why? (1)

The Second Horseman (121958) | more than 5 years ago | (#23206864)

Yes, in fact, you can. I know of one data destruction company in NJ that will work with Dunbar Armored and can transport stuff from most areas to their facility. However, that type of transportation could be well beyond the budget of many organizations.

Do not panic (2, Insightful)

Psychotria (953670) | more than 5 years ago | (#23205842)

A University spokeswoman said the school has stopped shipping backup tapes off-site for now."
Well, I am sure that makes everyone sleep a little easier tonight--it's obviously all under control.

Even better (4, Insightful)

Psychotria (953670) | more than 5 years ago | (#23205894)

"The university feels confident that the person who took [the tapes] doesn't know what they have. Even if they do know what's contained inside, it's very difficult to extract that information," remarked Menendez.
I am sorry Menendez, but difficult for whom exactly? Your school is not unique, nor is it the pinnacle of knowledge (no school is). If we could decrypt things 50 years ago, how is a "compression" method hard to work out?

Re:Even better (0)

Anonymous Coward | more than 5 years ago | (#23205992)

Did they even mention once in the article that the data was encrypted? I am guessing they just had their own custom format they were using. Not that hard to decode if you knew what you were looking for.

Re:Even better (1)

Psychotria (953670) | more than 5 years ago | (#23206212)

You're saying the same thing as me. Compression can be viewed as a weak encryption (and a relatively easy "encryption" to decode).
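The point made in this sub-thread, that compressed or oddly formatted data is not encrypted data, can be turned into a check run on a backup image before it goes off-site. The Python sketch below is an added example, not code from the article or from any commenter; the sample records, the canary string, the 7.5 bits/byte threshold and the stand-in cipher are all constructed assumptions for the demonstration.

```python
import bz2, gzip, hashlib, io, lzma, math, tarfile
from collections import Counter

# (name, magic bytes, stdlib decoder) for common compression containers.
DECODERS = [("gzip", b"\x1f\x8b", gzip.decompress),
            ("bz2", b"BZh", bz2.decompress),
            ("xz", b"\xfd7zXZ\x00", lzma.decompress)]

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; close to 8.0 looks random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def peel(blob: bytes, max_layers: int = 4):
    """Undo compression layers with standard decoders only; no key involved."""
    layers = []
    while len(layers) < max_layers:
        for name, magic, decode in DECODERS:
            if blob.startswith(magic):
                try:
                    blob = decode(blob)
                except Exception:  # magic matched by chance, not a real stream
                    continue
                layers.append(name)
                break
        else:
            break  # no decoder applied: nothing left to peel
    return blob, layers

def audit(blob: bytes, canaries) -> dict:
    """Classify a backup image by what a keyless reader can get out of it."""
    inner, layers = peel(blob)
    leaked = [c for c in canaries if c in inner]
    is_tar = inner[257:262] == b"ustar"  # tar header magic
    h = entropy_bits_per_byte(inner)
    if leaked or is_tar:
        verdict = "COMPRESSED_ONLY" if layers else "PLAINTEXT"
    elif h >= 7.5:  # assumed threshold
        verdict = "OPAQUE"  # consistent with encryption, not proof of it
    else:
        verdict = "UNKNOWN_ENCODING"  # obscured, but not random-looking
    return {"verdict": verdict, "layers": layers, "leaked": leaked, "entropy": round(h, 2)}

def make_sample_tar() -> bytes:
    """Constructed sample: 2000 fake patient rows inside an in-memory tar."""
    rows = "".join(f"MRN={i:07d}|NAME=TEST PATIENT {i}|DX=250.00\n"
                   for i in range(2000)).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("patients.txt")
        info.size = len(rows)
        tar.addfile(info, io.BytesIO(rows))
    return buf.getvalue()

def standin_encrypt(data: bytes, key: bytes) -> bytes:
    """Demo-only stand-in for gpg/openssl output: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

CANARY = b"MRN=0000042"  # constructed marker known to be in the sample data

if __name__ == "__main__":
    tar = make_sample_tar()
    gz = gzip.compress(tar)
    for label, blob in [("raw tar", tar), ("tar.gz", gz),
                        ("xor 0x5A", bytes(b ^ 0x5A for b in tar)),
                        ("stand-in ciphertext", standin_encrypt(gz, b"demo key"))]:
        print(f"{label:20s}", audit(blob, [CANARY]))
```

High entropy alone does not prove encryption, since well-compressed data also looks random; that is why the check decodes first and measures second, and why only the "OPAQUE" verdict should let an image leave the building.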

Re:Even better (1)

MMC Monster (602931) | more than 5 years ago | (#23206954)

And if it's worth 20+ million (at $14 per identity * 2 million individuals), I'm sure they can rent the help of some black hats to help them decode a tape from a proprietary system.

2 million records, or people? (4, Insightful)

pclminion (145572) | more than 5 years ago | (#23205854)

The article is very careful to phrase it as "2 million medical records." I somehow doubt that this means the medical records of 2 million separate individuals -- if it did, surely the news outlet would have said so, as it is much more dramatic. I bet a "medical record" is a single row in the database, and what was really stolen was a DB with 2 million records (as in "rows") in it. I seriously doubt the medical records of 2 million people are all collected on a single set of tapes.

Re:2 million records, or people? (1)

networkzombie (921324) | more than 5 years ago | (#23206038)

Probably right. TFA mentions "all patients at university medical facilities since Jan. 1, 1999" and "Financial data from approximately 47,000 people". The University would need over 18,000 patients per month to have two million patients over nine years. That's a lot.


As far as proprietary encoding goes, that data is owned. If it's Windows just start with Arcserve, Backup exec, etc... If it's UNIX just start with cpio, tar, dump, etc... The big question is why the vehicle was parked with the tapes in it.

I like the part where TFA states "we're not transporting anything until we conduct our own internal evaluation of the incident and see if there's anything that could have been done differently or better." I wonder how long it will take them to come up with "Don't park the van at the Cheesy Burger." (Idea stolen from previous post).

Re:2 million records, or people? (1)

MichaelSmith (789609) | more than 5 years ago | (#23206124)

If it's Windows just start with Arcserve, Backup exec, etc... If it's UNIX just start with cpio, tar, dump, etc...
Strings [ed.ac.uk]

Re:2 million records, or people? (1)

palewook (1101845) | more than 5 years ago | (#23206570)

Whoever had the hardware sitting in a car, needs to be fired and then sued by every person affected.

Still want your medical records to go digital? (1)

sweet_petunias_full_ (1091547) | more than 5 years ago | (#23205860)

It was only a matter of time before something like this happened.

Medical staff and any other people untrained in information security just aren't going to have the computer literacy or "computer common sense" to handle millions of people's medical records adequately.

On the other hand, if they were thoroughly trained, certified and passed through the wringer for those leet skillz, then the overhead for medical costs would balloon even higher as yet another bureaucracy (to manage *that*) is created within health maintenance providers.

But it's all in the name of tracking your every move, so I guess it's OK.

Old school (3, Funny)

LoudMusic (199347) | more than 5 years ago | (#23205916)

Tape is so last millennium. Anybody who's anybody backs up to hard drives across the internet.

Re:Old school (1)

houghi (78078) | more than 5 years ago | (#23206094)

Backup across the Internet is last millennium as well:

Only wimps use tape backup: _real_ men just upload their important stuff on ftp, and let the rest of the world mirror it ;) Torvalds, Linus (1996-07-20) [google.com].

Re:Old school (1)

PoisenLoaf (1042210) | more than 5 years ago | (#23206098)

..unless you have hundreds or thousands of TB of data to protect then tape is far less expensive. An $80 LTO4 cartridge these days holds 800GB and depending on hardware compression you could get 2-3x that on a single tape.

Encryption? (1)

deke_kun (695166) | more than 5 years ago | (#23205962)

If the IT staff are worth their salt then these backup tapes won't be worth anything. Anything that is in danger of being stolen should be encrypted.

I work in Health IT, and it is standard practice for us to, at a minimum, GPG encrypt any backup going offsite. In fact a practice cannot pass accreditation unless this is the case.

If this wasn't the case in this situation, then all parties involved need to have a serious think about what they're doing.

Who waited how long? (1)

Skapare (16644) | more than 5 years ago | (#23206092)

Let's see here. Archive America waited 2 days. Then the university waited 27 more days. Who needs to do the most explaining?

Proprietary compression? (1)

Skapare (16644) | more than 5 years ago | (#23206120)

Proprietary compression cannot be cracked? I can tell you that this can be hard to do. And this is from experience. I once worked at a company where a project one year involved writing some programs to extract data from files stored by various competitor products to enable customers to easily migrate to our products. I was given the one that the managers thought wasn't even possible to do, because the data looked like gibberish (because, unknown to them at the time, it was compression). It took me FIVE weeks to reverse engineer it. It was not quite as good as UNIX compress, but it was much better than run length compression.

Whether these data tapes are crackable is unknown to me. But if they were encrypted by today's strong forms of encryption, then I know I could not crack that.

In 2025 those will still be valid SS numbers (4, Insightful)

plantman-the-womb-st (776722) | more than 5 years ago | (#23206368)

Get your most closely kept personal thought:
put it in the Word .doc with a password lock.
Stock it deep in the .rar with extraction precluded
by the ludicrous length and the strength of a reputedly
dictionary-attack-proof string of characters
(this, imperative to thwart all the disparagers
of privacy: the NSA and Homeland S).
You better PGP the .rar because so far they ain't impressed.
You better take the .pgp and print the hex of it out,
scan that into a TIFF. Then, if you seek redoubt
for your data, scramble up the order of the pixels
with a one-time pad that describes the fun time had by the thick-soled-
boot-wearing stomper who danced to produce random
claptrap, all the intervals in between which, set in tandem
with the stomps themselves, begat a seed of math unguessable.
Ain't no complaint about this cipher that's redressable!
Best of all, your secret: nothing extant could extract it.
By 2025 a children's Speak & Spell could crack it.

You can't hide secrets from the future with math.
You can try, but I bet that in the future they laugh
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past.

Re:In 2025 those will still be valid SS numbers (0)

Anonymous Coward | more than 5 years ago | (#23206794)

Hey buddy
why are you
manually
inserting
carriage
returns in
your post?

Don't you
know that
you need
to keep
typing even
when you
reach the
edge of
the little
text input
box?

Tape encryption is available for all, use it. (2, Interesting)

vallef (955213) | more than 5 years ago | (#23206126)

Hopefully people will use tape encryption now, it's been available for years. As I am afraid that tape is still the most efficient for moving large amounts of data. Also the tape encryption uses very strong algorithms e.g. AES-256 etc.

Some vendors like Sun and IBM give the key management stations away for free if you use encryption. People just do not understand how hi-tech tape is nowadays. Everyone's perception of tape is old DAT, people need to look at Sun T10000, IBM TSxxxx or LTO4. If you are archiving data for a long time there is no other ecological option than tape. Its longevity (of the quality products) has been proven over the last 20yrs. Tape is not that interesting, but it is like brushing your teeth, you know it is a good thing for the long run.

Re:Tape encryption is available for all, use it. (1)

Skapare (16644) | more than 5 years ago | (#23206164)

What we need to do is get a law passed that mandates strong encryption and proper key handling for all qualifying data (anything with personally identifying information, including SSN, bank account numbers, CC numbers, health information, etc), held by any entity (corporate, organizations, governments), that is transported, transferred, or exchanged offsite by any means (tapes, disks, internet, private data circuits). There should be a minimum violation penalty for cases where the data was not stolen or taken, and stiffer penalties if it was stolen and not encrypted.

Re:Tape encryption is available for all, use it. (1)

maxume (22995) | more than 5 years ago | (#23206682)

How do you fine a government agency?

Alternatively, how do you fine the employees of a government agency if there aren't any, because no one was crazy enough to expose themselves to getting fined while working at government rates?

What do you do if the budget machinery of the government they are working for won't provide funding for encryption?

It has to start with definition of reasonable practices and funding of those practices. For government, external review and control(i.e. a check or a balance) is a good idea, but it would be very hard to implement in terms of penalties or fines.

Read the important words (1)

ZorbaTHut (126196) | more than 5 years ago | (#23206148)

"For now".

I highly suspect this translates as "until we think people have forgotten about this". Why fix the problem when we can just pretend it's gone away?

Mod parent up (0)

Anonymous Coward | more than 5 years ago | (#23206452)

I thought the exact same thing, mod it up!

Time for Brinks (1)

Statecraftsman (718862) | more than 5 years ago | (#23206184)

It shouldn't be easy to steal these things. It's time valuable data is treated like it has value. That means armored vehicles for transport.

Maybe they should list SSNs, Birthdays, and Addresses in the foreign exchange markets so people will get a clue.

How many times does it have to happen? (1)

barzok (26681) | more than 5 years ago | (#23206484)

It's going to keep happening. This sort of sloppy data handling is going to continue until there's proper incentive to protect data. And that means (IMHO) crippling penalties for those involved. Penalties so immense that the business nearly goes under. Penalties for the individuals who allowed unencrypted data to be put at risk - not just the peons swapping tapes, but the executives who didn't mandate/allow proper procedures. All the way up the food chain.

This stuff has to be taken seriously, but right now - no one does.

Re:How many times does it have to happen? (1)

SRA8 (859587) | more than 5 years ago | (#23206716)

If people cared enough, they would reach out to their lawmakers and have such a law passed. California's laws were a start, but we have a ways to go. I have reached out to my representatives, but clearly it isn't a priority for most, or we'd already have laws.

Totally unnecessary (1)

Sir_Real (179104) | more than 5 years ago | (#23206614)

I wonder if the HIPAA compliance officer got canned. Why the hell wasn't this data encrypted?

I've worked on tape encryption (1)

pinguwin (807635) | more than 5 years ago | (#23206804)

I've worked on a project from a very large software company that deals with encrypted tapes and is on the market. The idea is that the tape has been stolen. Who cares? You need to get the key that encrypted it, the key of the tape drive that wrote the tape, and get a drive itself. Not easy as they vet who buys. Yes, it can be done but not by your ordinary thief. Could it have contained 2 mil medical records? I don't know, the tapes we were using two years ago were 400 gig. One person mentioned it must be related to a mainframe. Nope, modern workstations and tape drives. Tape is a thriving medium in some circles. A buttload of storage the size of a cigarette pack that is dirt cheap. The system I've worked on is on the market and the idea is very good. There were some serious problems with the project and I don't know (and truthfully don't care) if they've been worked out. However, a thief without a large, well equipped organization behind them would still be at a loss what to do with the encrypted tape.

archive company? (1)

Danzigism (881294) | more than 5 years ago | (#23206820)

I really don't understand why companies use "archive companies". It's like online backup as well. I don't trust ANYONE with my freakin data. It works simply in our shop. Every morning I take the tape from the day before and put it in my briefcase. I take it home with me so it is offsite. Why didn't the school simply just have a trustful employee take the tapes home with him? Taking tapes offsite is definitely a good thing in case the building were to catch fire and whatnot, but christ, what the fuck is an archive company and why would you trust them?

Re:archive company? (0)

Anonymous Coward | more than 5 years ago | (#23206888)

Every morning I take the tape from the day before and put it in my briefcase. I take it home with me so it is offsite. Why didn't the school simply just have a trustful employee take the tapes home with him?

And why would they trust you? What if you get fired?

Do you have a temperature & humidity controlled tape safe, UL-rated against fire & theft? What if you get robbed/carjacked on the way home? Can you store hundreds/thousands of tapes at home, all indexed & inventoried?

There is a reason archive companies exist. Iron Mountain has been very successful at it.

I've said it before, and I'll say it again... (0)

Anonymous Coward | more than 5 years ago | (#23206938)



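# Bundle the directory into a single archive
tar -cf myimportantstuff.tar myimportantdir/
# Encrypt to the recipient's public key; gpg writes myimportantstuff.tar.gpg
gpg -r me@mysecureplace.org -e myimportantstuff.tar
# Copy only the encrypted file off-site
scp myimportantstuff.tar.gpg me@mysecureplace.org:~/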