The University of Miami is mostly getting praise for the way it has handled notification of the theft of patient medical information last week. (For more on that, see Shalala's Message on U.Miami Employee Medical Data Privacy Breach.) Here's an example of the positive publicity from a Wall Street Journal blogger, calling the U's response exemplary.
Meanwhile, however, I seem to be one of the 47,000 people whose credit card info was on one of those tapes and have got the boilerplate note suggesting I check my credit history and put fraud warnings on my cards. Recall, though, that both the University and the Secure Information Services group at Terremark say that the data is very hard to read.
Hard to read, perhaps, but maybe not impossible to read. And it seems that the data could have been encrypted, but wasn't.
So should I worry or not? So far, I'm leaning, “not”.
