Wednesday, June 4, 2008

Army hospital says 1,000 patients may be affected

Patient Information Exposed in Data Breach at Walter Reed

By Martin H. Bosworth

June 3, 2008
Data Theft
• Patient Information Exposed in Data Breach at Walter Reed
• Supermarket Chain Reports Data Breach
• Report: Feds Still Not Doing Enough To Secure Data
• Data Thieves Hit Georgetown University Students, Faculty
• 800,000 Job Seekers At Risk In Gap Data Breach
• TJX Data Breach Settlement Has Strings Attached
• More ...

Patients at Walter Reed Army Medical Center and other military hospitals had their personal information exposed in a security breach, officials said. As many as 1,000 patients may have been affected.

Details are scarce but Walter Reed officials said that the breach, which included names, Social Security numbers, and birth dates, was discovered on May 21 by a third-party data mining company, which the hospital did not identify.

Officials said the company found the exposed file while on another assignment and contacted Walter Reed.

The Associated Press reported that Walter Reed officials would only confirm that the data was found on a "non-governmental, non-secure network."

Walter Reed is contacting patients who were affected by the breach, and has set up a toll-free hotline (1-877-854-8542, ext. 9) for patients to determine if they were affected. Individuals affected by the breach will have credit monitoring services provided for them, the hospital said.

Government and military installations have encountered numerous forms of data breaches in recent years, from lost laptops, to accidental posting of information online, to sharing data without proper security precautions.

The biggest known government data breach on record remains the loss of records on 26.5 million veterans when a laptop containing the data was stolen from the home of an analyst for the Veterans' Administration (VA).

The laptop was eventually recovered, but not before investigators admitted keeping the breach secret for several weeks, as well as hiding several other breaches that had taken place during the last few years.

Other breaches included the accidental unencrypted transmission of 580,000 military members' personal data by contracting company SAIC in July 2007. SAIC had been handling health care processing claims for TRICARE, the military medical network, and had been assisting multiple branches of the military as well as the Department of Homeland Security (DHS).

The extensive outsourcing of many governmental and military functions to private contractors has been criticized as a potential threat to national security.

In 2006 a report by the Government Accountability Office (GAO) criticized the trend, particularly in cases when contractors who had received outsourced government information then subcontracted the data out to third-party companies, many of which were located outside the United States.

Sphere: Related Content

No comments: