Are We Getting Too Much Info About Data Breaches?

Some 2,000 patients at Beth Israel Deaconess Medical Center in Boston have gotten one of those letters; you know, the one where a company or organization says, sorry, but we've let loose your personal information.

This time, though, it would appear as though the potential for damage is virtually non-existent.

And while I'm not suggesting that the hospital shouldn't have told its patients what happened, it's not at all clear as to what good getting the notifications has done them.

From a story this morning by Hiawatha Bray in the Boston Globe:

The computer contained medical record numbers, names, genders, and birthdates of 2,021 patients, as well as the names and dates of radiology procedures they had undergone. But the computer did not contain the patients' financial data or their Social Security numbers, which can be used to steal identities and defraud banks.

"We are grateful no Social Security numbers or financial information were released and apologize for the inconvenience and deeply regret any concern this situation may cause,'' said John Halamka, the hospital's chief information officer.

It's not clear whether the hospital had a legal obligation to send the notifications.

The good news is that the stolen information was encrypted, according to Halamka.

The bad news is that patients, especially those less technically savvy, are undoubtedly concerned.

And it's possible, I suppose, that the hospital is mistaken or being less than forthright and that more personal information was compromised, thus creating a potential for identity theft that does not otherwise appear to be here. Personally, I would not suspect that to be the case.

There's no cause to cancel credit cards or sign up for credit monitoring or do anything else that is routinely advised for the victims of more serious data breaches.

So what are these 2,021 radiology patients left to do with this concerning information?

Except worry.

Welcome regulars and passersby. Here are a few more recent buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up. Follow me on Twitter here.

Subscribe to the Security Watch Newsletter

Comments