This week Lincoln Medical and Mental Health Center of NY suffered an embarrassing data breach resulting from a lost FedEx shipment of CDs. More than 130,000 medical records were exposed in this breach and it is small consolation to read that “Siemens was promptly directed to suspend further transport of CDs by the carrier.” Of particular note in this data breach is the fact that both Siemens and Lincoln Medical and Mental Health Center thought it was an okay idea to ship CDs of unencrypted healthcare data as part of a standard business process, until of course a shipment went astray. Did the word HIPAA never come up? Why would anyone think it is a good idea to ship CDs of unencrypted healthcare data when there are readily available secure file transfer solutions?
DataLossDB the Open Security Foundation tracks data breaches and lists 134 data breaches from Snail Mail affecting 2729 Organizations in its database. This week’s Lincoln data breach adds one more organization who has experienced the security hazards of shipping sensitive information unencrypted via the mail.