Three unencrypted backup tapes containing the personal information of more than a million and a half individuals have gone missing from Nemours, a children's health system based in Wilmington, Del.

How many victims? 1.6 million

What type of personal information? Names, addresses, dates of birth, Social Security numbers, direct deposit bank account numbers, and data on insurance and medical treatments.

What happened? The tapes, which were stored in a locked cabinet following a computer systems conversion completed in 2004, were reported missing on Sept. 8. It is believed they were removed around Aug. 10, during a facility remodeling project.

Details: The breach affects patients and their guarantors, vendors and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida and who provided information between 1994 and 2004. 

Quote: “This is an isolated incident unrelated to patient care and safety,” said David Bailey, president and chief executive officer of Nemours. “The privacy of our patients, their families and our employees and business partners is a high priority to all of us at Nemours.”

What was the response? Affected individuals are being notified and offered one year of free credit monitoring and identity theft protection. In addition, the company is taking steps to strengthen its data security practices, such as encrypting all computer backup tapes.

Source: http://www.nemours.org/, Nemours, “Nemours Reports Old Computer Backup Tapes Missing,” Oct. 7, 2011.