Walter Reed admits breach of patient information

Robert Westervelt, News Director
Officials at Walter Reed Army Medical Center are investigating how the personal information of 1,000 former patients was left unsecured on a hospital computer.

Hospital officials said they were notified of the data breach May 21 by an outside company. Few details are available, but investigators say the information may have been disclosed via a peer-to-peer (P2P) network.

"Preliminary results of an ongoing investigation have identified a computer from which the data was apparently compromised," the hospital said in a statement.

In a message on the Walter Reed website, Col. Patricia Horoho, commander of the Walter Reed Health Care System, shed some light on how the information was compromised.

"I need everyone to ensure that they are not loading or downloading programs that are not authorized by the command, as it increases our vulnerability and possibly can cause a breach in protected information being shared," Horoho said.

The message was addressed to Team WRAMC and was posted on the Walter Reed website this morning, but has recently been removed.

Organizations have a number of ways to monitor employees and detect the use of unauthorized programs on the network. Standard firewall rules can be put in place to detect P2P traffic and intrusion prevention systems can be tuned to see P2P protocols and other similar activity on the network, said Phil Hochmuth, a senior analyst at Boston-based Yankee Group.

"P2P is a direct conduit out of your organization that is hard to monitor through which personal data can easily move," Hochmuth said. "It's potentially a giant hole punch in your network perimeter."

Still, some traditional inspection and monitoring technologies have trouble detecting unauthorized programs. For example, data transmissions of the P2P service Skype are often hard to detect, Hochmuth said.

"They're more dynamic and move very easily from port to port," Hochmuth said.

It's unclear what kind of information may have been leaked at Walter Reed. The hospital is notifying each individual named in the file and offering credit monitoring assistance.

The Health Insurance Portability and Accountability Act (HIPAA) protects patients from unauthorized release of their health records.

"The information did not contain any protected health information such as medical records, diagnosis or prognosis for patients," Horoho said.

The federal government has had issues in the past with lost and stolen laptops compromising sensitive information.

In 2006, an employee at the Department of Transportation (DOT) lost a laptop containing 133,000 drivers' and pilots' records last summer. The information was believed to have been taken from a government vehicle. That same year, the Department of Veterans Affairs (VA) acknowledged a data security breach involving a desktop computer compromising the personal information of thousands of veterans.

