• On TV.com: TOP 10 Shows CANCELED Too Soon
June 3, 2008 1:15 PM PDT

U.S. Army hospital says patient information was compromised

by Elinor Mills
  • Font size
  • Print
  • 5 comments

Updated 3:30 p.m. PT with idCure opinion.

Personal information of some 1,000 former patients of the Walter Reed Army Medical Center may have been leaked via a peer-to-peer network, hospital investigators say.

Hospital officials learned of the security breach last month and publicized it on the Walter Reed Web site early on Tuesday, however the message has since been removed, according to an article on the SearchSecurity.com site.

It's unclear what information was compromised, but the hospital specified certain types of data that were not included on the unsecured hospital computer.

"The information did not contain any protected health information such as medical records, diagnosis or prognosis for patients," Col. Patricia Horoho, commander of the Walter Reed Health Care System, reportedly wrote in the message.

"I need everyone to ensure that they are not loading or downloading programs that are not authorized by the command as it increases our vulnerability and possibly can cause a breach in protected information being shared," Horoho wrote.

All the technical controls in the world won't help if employees don't know what they can and can't do with regard to safe Internet activities at work, said Bryan Thornton, director of information security planning for idCure, a company that helps corporations and consumers prevent and counter identity theft.

"Walter Reed has a very robust information security program in place. They have done all kinds of things over the last decade specifically to address privacy concerns," Thornton says. "But what they've done here is show that everything they have done may as well be worthless simply because of the fact that they didn't make their employees a part of it."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security

Tags:

privacy,

security

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
GE launches eHealth, hopes for early adopters
One small strip of plaster, one giant strip of data
New York hospital revives ailing computer network
Oregon end-of-life forms go electronic
Intel debuts text reader for the blind
GE shows off pocket-size ultrasound scanner
Patients administer HIV tests as accurately as pros
Microsoft patches critical hole in Windows kernel
Add a Comment (Log in or register) (5 Comments)
  • prev
  • 1
  • next
by Schratboy June 3, 2008 2:02 PM PDT
The user is always going to be the biggest security threat. If this public system contained confidential information, why was the system even connected to the Internet?
Reply to this comment
by Kings X Rocks! June 4, 2008 5:52 AM PDT
Because users think that internet access is a god given right...
by UNiHacker June 4, 2008 7:03 AM PDT
I agree with Schratboy, if this stuff is so sensitive, disconnect it from the Inter-NET. We do this at my office in our labs. We never connect ubber critical systems to the internet.
Reply to this comment
by JR_Reagan June 5, 2008 1:32 PM PDT
There is an inherent assumption that a hospital will protect its customers' information. For customers, hearing "it's unclear what information was compromised" has the potential to break trust and reflect the conditions that customer data is constantly moved, copied, accessed and forwarded across organizations, opening the door for a host of security risks. For hospitals and other organizations, we've been counseling to protect customer data from the inside out, focusing on management first, with defense against attacks and threats coming second.

- J.R. Reagan, Vice President, Global Risk, Compliance & Security www.bearingpoint.com
Reply to this comment
by benjaminstraight July 27, 2008 3:36 PM PDT
What a shame. People served and then info is compromised.
Reply to this comment
(5 Comments)
  • prev
  • 1
  • next
advertisement

13 games for newer iPhones

So you've got an old iPhone or iPod and want to see what some of the latest games are doing with the newer hardware? We've checked out 11 titles to show you the differences.
• Images: Old vs. new

Intel to pay AMD $1.25B in settlement

Antitrust and intellectual property fights come to an end for now. AMD will drop pending litigation, and Intel will "abide by" a long list of prohibitions.
• AMD: Our claims are 'ratified'

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET