NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> 2008-q4

[ISN] Hospital patient data revealed

From: InfoSec News (alertsinfosecnews.org)
Date: Mon Oct 20 2008 - 02:14:51 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fredericksburg.com/News/FLS/2008/102008/10192008/418223

BY JIM HALL
The Free Lance-Star
10/19/2008

A security breach in an online computer system at Mary Washington
Hospital exposed the private medical information of some of its
maternity patients.

A man who tried to use the Fredericksburg hospital's online registration
system for his expectant wife said the files for 803 patients were
publicly available on the site.

On Friday, a hospital official described the breach as an "anomaly."

She said the man was the only person to see the files, that he opened
only two of them and that he did not print or download any data.

"We believe that this is a one-time incident," said Kathleen Allenbaugh,
hospital spokeswoman.

Hospital officials first learned of the breach when a Spotsylvania
County sheriff's deputy notified them that the online registration
feature at the MediCorp.org Web site was not working correctly.

Rebecca and Gary Dennison, a Spotsylvania couple, had contacted police
after learning that their private medical information was visible on the
site.

Rebecca Dennison is expecting the couple's first child in November, and
had preregistered online for her delivery.

Dennison said last week that a stranger who gave his name as "Mike"
called her house the night of Saturday, Oct. 11, to tell her that he was
looking at private information about her and her husband on the MediCorp
site.

The man knew the couple's Social Security numbers, phone numbers,
address, insurance carrier, her birth date and her doctor's name.

She was concerned, she said, because her husband was in Delaware on
business at the time.

"I was in shock," she said. "I didn't know what to do. It was 11 o'clock
at night."

Dennison called her husband, who contacted the Sheriff's Office after
talking with Mike. A Spotsylvania deputy called Mike and then called the
hospital.

Reached by phone last week, Mike said he was reluctant to talk about the
incident, and agreed to do so only if his last name was not be used.

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]