Peer-to-peer (P2P) applications may have been the culprit in a security breach that has exposed the personal information of more than 1,000 patients at Walter Reed Hospital, according to early reports.
Names, Social Security numbers, birth dates, and other information was exposed through a single computer file, hospital officials said Monday. The file did not include information such as medical records, or the diagnosis or prognosis for patients, they said in an Associated Press report.
The officials declined to discuss the nature of the breach with AP, citing an ongoing investigation. However, according to an industry news report, Col. Patricia Horoho, commander of the Walter Reed Health Care System, posted a Website message yesterday which suggests a potential P2P leak."I need everyone to ensure that they are not loading or downloading programs that are not authorized by the command as it increases our vulnerability and possibly can cause a breach in protected information being shared," the message said. Horoho's message has since been pulled from the Walter Reed site, but the trade journal managed to get a screen capture before the message disappeared.
The medical center learned of the breach on May 21 from an outside data mining company, which officials did not identify. They said the company was working for another client, found the file and contacted Walter Reed.
The hospital said it is working to notify all of the people named in the data file. Letters or emails were being sent out, beginning Monday. Officials declined to say how many patients were from Walter Reed and how many were from other military hospitals.
The chairman of the House Armed Services Committee, Rep. Ike Skelton, D-Mo., said he wants to hear from the Army about its investigation.
"It's very troubling when private data is inappropriately released," Skelton said. "We must ensure that personal information is protected and prevent any future compromise of patient records."
No comments:
Post a Comment