Dedicated to providing the latest
HIPAA compliance news

Hard Drive Theft Sees Data of 1 Million Individuals Exposed

Share this article on:

Washington State University (WSU) in Seattle is notifying approximately 1 million people that some of their personal information has been exposed following the theft of a computer hard drive.

The hard drive was used to store backup information from a server used by the University’s Social & Economic Sciences Research Center (SESRC). The hard drive was stored in an 85lb locked safe. That safe, along with the contents, was stolen.

There is a possibility that the safe has been opened and the information on the hard drive has been accessed. The thieves would require some skill to view the information as data were stored in a relational database which is not straightforward to access, although it is possible that the thieves could figure out how to view the information.  WSU says some of the files on the device were password protected and some had been encrypted.

The University discovered the safe was missing on April 21, 2017 and immediately conducted an investigation. WSU brought in a leading computer forensics firm to determine which data were backed up on the device and could potentially be accessed. That investigation revealed the device contained personally identifiable information of research participants, including names, addresses and Social Security numbers. The data came from a variety of sources, including school districts and colleges that track students after graduation and ran from 1998 to 2013.

WSU cannot confirm if the safe was opened or if the information on the drive was accessed, although it has received no indications that information has been viewed. However, as a precaution, all individuals impacted by the incident are being offered membership to Experian’s ProtectMyID service for 12 months without charge.

The incident has prompted WSU to perform a thorough review of its IT practices and policies and information technology operations will be strengthened as a result of the breach. Staff will also receive additional training on data handling best practices.

The data breach will prove costly for WSU. The recent Ponemon Institute/IBM Security Cost of a Data Breach Study calculated the average cost of university data breaches to be $245 per exposed record, although some of that cost is likely to be covered by the university’s cybersecurity insurance policy.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On