The tapes were stored in a locked cabinet at its facility in Wilmington, Del., following a computer system conversion completed in 2004, Nemours said. The tapes and locked cabinet were reported missing on September 8, 2011, and are believed to have been removed around August 10, during a facility remodeling project, it added.
The information on the tapes dates between 1994 and 2004 and relates to approximately 1.6 million patients and their guarantors, employees, and vendors at Nemours facilities in Delaware, Pennsylvania, New Jersey, and Florida.
The missing backup tapes contain information such as name, address, date of birth, social security number, insurance information, medical treatment information, and direct deposit bank account information, Nemours explained.
Nemours is notifying individuals who may have been affected and offering them one year of free credit monitoring and identity theft protection, as well as call center support. Additionally, Nemours said it is taking steps to strengthen its data security practices. These include moving toward encrypting all computer backup tapes and moving non-essential computer backup tapes to a secure off-site storage facility.
Nemours said it retained independent security experts who determined that “highly specialized equipment and specific technical knowledge would be necessary to access the information stored on these backup tapes.”