Visit www.barracudasecurity.com

Visit www.barracudasecurity.com

Legend

Location Of Theft in AQUA BLUE
URL Of Linked Article In STEEL BLUE or GREEN
Full Content Of Article In BLACK
Theft Description In Body Of Article in RED

Tuesday, January 09, 2007

US HOSPITALS POPULAR IDENTITY THEFT TARGETS Hospitals Becoming Popular ID Theft Target

January 9, 2007
Hospitals Becoming Popular ID Theft Target
By Ed Sutherland

News of the theft of a computer containing the personal data of 38,000 cancer patients across five states highlights the evolution of identity theft. Medical data is now more prized than Social Security numbers, privacy advocates tell internetnews.com.

While Social Security numbers are increasingly common, a medical record of cancer or AIDS patients is worth its weight in gold, Pam Dixon, executive director of the World Privacy Organization, told internetnews.com. "Cancer patients are big money." The reason: fraudulent medical charges can easily hide among the many legitimate costs.

The stolen computer belonged to Cincinnati-based Electronic Registry Systems (ERS), a private company that maintains federally mandated cancer patient records. The computer contained the records from five hospitals, three of which are in Georgia, Tennessee and Pennsylvania. ERS refused to identify the other two.

Responding to the incident, Emory advised patients to place a fraud watch on their credit records, which is a common reaction to data breaches.

However, checking credit records won't alert patients to fraudulent medical charges. Affected patients need to check their medical files, Dixon said.

Despite assurances that the computer had two passwords and the data was encrypted and usable only with proprietary ERS software, Dixon said gaining access was a simple matter.

"We're beyond that level of innocence," she said, adding that files could be read and copied and leave no fingerprints.

ERS said the patient data was stored on the computer unencrypted to convert the information to its proprietary format. As a result of the theft, the company said it has made changes to improve security.

In May, a Veteran's Administration laptop containing the personal data of 29 million veterans was stolen. But the largest medical data breach happened in 2005 when a laptop holding the personal information of 365,000 patients was stolen from an employee of Oregon's Providence Health System. The data was unencrypted.

Last year, Providence settled with Oregon's Attorney General, agreeing to spend millions to correct the blunder

Posted by Nodrog at 7:21 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)