Related Links

Related Stories

  • A Breach too Far
    How much do data breaches really damage organizations financially – and why don’t we want to hear about it? Danny Bradbury investigates
  • Heartland settles with MasterCard over data breach
    Heartland Payment Systems, the fifth-largest payment card processor in the US, has made a third settlement deal in what was one of the largest data breach incidents in history. This time, MasterCard has agreed to take a 41.4m payout for its card issuers.
  • Securing Electronic Health Records
    Electronic health records are supposed to improve the efficiency and accuracy of healthcare delivery. However, with electronic records come security headaches, and the potential for data breaches. John Sterlicchi examines what the industry is doing thus far to facilitate a secure transition toward electronic health records
  • Infosecurity Europe 2010: Survey says US boasts highest data breach costs
    A newly released global survey by the Ponemon Institute shows that, among five of the largest industrialized nations, data breaches affecting US organizations are the costliest both in terms of cost per compromised record and the overall price tag per incident.

Top 5 Stories


South Shore Hospital data breach may affect up to 800,000; contractor named

22 July 2010

Earlier this week, Massachusetts-based South Shore Hospital informed patients, employees, and others affiliated with the institution that personal information may have been exposed when it contracted a data management firm to dispose of outdated files. Now comes news that the company South Shore used was Archive Data Solutions, according to publicly filed records from the Department of Health and Human Services.

South Shore Hospital, located in South Weymouth, Mass., posted notification of the data breach on its website earlier this week. The hospital, which is in the process of personally notifying affected individuals via conventional mail, said the incident occurred this past February when it sent outdated data files to a professional data management company to have them destroyed.

A lengthy list of those affected includes patients, employees, donors, volunteers, vendors, and other partners – up to 800 000 in all, from January 1996 through January of this year. A host of personal information was contained on the files, from driver’s license numbers, SSNs, medical records, and even banking details for what South Shore said is “a small subset”.

South Shore said it shipped the backup files to the then unnamed contractor but was informed months later that only a fraction of the boxes were received. This set in motion the necessary HIPPA reporting process, as South Shore informed the Massachusetts Attorney General, the Massachusetts Department of Health, and the US Department of Health and Human Services about the potential data breach.

A spokesperson for South Shore Hospital told Infosecurity that details of the case could not be disclosed because of the ongoing investigation, including the name of the data management company it used.

But it has come to our attention that Archive Data Solutions – formerly known as Iron Mountain Data Products – was the other party involved, which has been confirmed by the Department of Health and Human Services via its Health Information Privacy disclosure website. The HITECH act of 2009 requires that all data breaches affecting the private medical information of more than 500 individuals be posted on the department’s website.

“Iron Mountain Incorporated and its affiliates were not involved with the incident that South Shore Hospital says led to losing several of its computer backup tapes. Archive Data Solutions ( was the vendor”, an Iron Mountain spokesperson told Infosecurity.

“Until recently, Archive Data Solutions – which is not a subsidiary or affiliate of Iron Mountain – operated under the name ‘Iron Mountain Data Products’. Archive Data Solutions previously licensed the ‘Iron Mountain’ name specifically for the sale of data products, not services apparently related to this incident”, the spokesperson added.

Archive Data Solutions did not return requests for comment.

This article is featured in:
Compliance and Policy  •  Data Loss


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×