http://abclocal.go.com/wls/story?section=local&id=5164853 By Ravi Baichwal March 29, 2007 A Chicago hospital worker is charged with stealing patient information. An emergency medical technician is accused of using his job to access the sensitive data of at least eight patients at UIC Medical Center for his own use. The EMT has been fired from the hospital. A criminal investigation is underway as the UIC hospital warns other patients about the security breach. Officials at UIC Medical Center, an award-winning institution in the field of computerized patient medical records, tell ABC7 the criminal investigation was launched last month. They say they discovered an EMT had improperly accessed patient records. That EMT is 28-year-old Leslie Langford. He faces several charges including identity theft. "We do take this very, very seriously and immediately responded as soon as we were alerted to the investigation by UIC police," said Sherri McGinnis Gonzalez, UIC spokesperson. UIC says an EMT was fired last month as soon as it came to light that eight patient medical records were inappropriately accessed by someone with privileged access to those records. The hospital has sent out letters to over 240 patients saying their records may have been similarly breached and they should take steps to avoid becoming victims of identity theft. "The information that the employee had access to was demographic, personal medical information, and we believe that person used that information in an inappropriate manner," said McGinnis Gonzalez. Exactly what that is the hospital would not explain, citing the criminal investigation, but the hospital stressed this was not a case of a breach of the system to the outside world. "Administrators were able to look at the electronic medical records system and actually track what records this employee had access to and it actually helped in the investigation," said McGinnis Gonzalez. But patient information is now out there. And one expert in identity theft suggests UIC could be doing a lot more -- such as buying identity and credit monitoring services for victims -- as one way to make up for the fact that it is nearly impossible to insure those with access to information don't succumb to the temptation to sell it. "There is you know a clear exchange out there, almost like a stock exchange in ideates, and the more information you have the more the identities are worth, and in fact, if you go out there to the right places looking for it, there is almost like a bid-ask situation out there where there is a floating set of prices out there, 'I have this many names, and this type of information, what can I get for it?' " said Garnet Steen, RelyData.com. "The nightmare scenario isn't just the consumer has some credit cards opened up in their name, but somebody obtains medical services in their name and that that medical information gets co-mingled with their own," said Steen. Leslie Langford is the son of Chicago Fire Department Spokesman Larry Langford. Larry Langford told ABC7 this is a private family matter and they are working with Leslie concerning this issue. _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Mar 29 2007 - 22:50:17 PST