toastyfrog.net

And from the “What the #$%#*& were they THINKING?” department (which might more aptly be named the “Why the @#$%%$^ weren’t they THINKING?” department), we bring you this breaking news from Portland, OR…

Providence Health Systems apparently thought that having various managers carry copies of electronic patient data around with them was a better idea than paying for all those expensive professional-type offsite backups. Riiiiight. And the petty thief who stole the bag containing confidential patient information on 365,000 (that’s a comma, not a decimal place, folks) Providence patients (oh, yeah, and employee data on about 1500 employees, too) off the front seat of one of their personal vehicles is now scrambling to find the best way to leverage the goldmine he’s sitting on. And he’d have been happy just to score an iPod!

365,000. That’s one thousand identity thefts per day for a full year. (I can still do complex math like this after working all night, isn’t that impressive?)

But not to worry, surely such sensitive data was securely encrypted, right? Gee, now that you mention it, ummm… not so much. Not even just a little bit, actually. All those social security numbers and names and birthdays and addresses and intimate medical details were all just right out there in plain view. Makes restoring the backups easier, dontcha know.

Let’s see. If one HIPPA violation means a fine of, what is it, $50,000? Then 365,000 of them is… okay, too complicated for me in my present condition, but possibly enough to pay off the entire US national debt!

And that’s not even taking into account the potential lawsuits (if you read the article you will notice that the author has done a fine job of coaching the reader on just exactly how one should correctly go about instituting such a suit).

Wow. I am *SO* glad I work for Legacy (which is probably launching a full-scale IT review of electronic data backups and security measures as we speak)!