[ISN] Hospital patient data revealed

From: InfoSec News <alerts_at_private>
Date: Mon, 20 Oct 2008 02:14:51 -0500 (CDT)

The Free Lance-Star

A security breach in an online computer system at Mary Washington 
Hospital exposed the private medical information of some of its 
maternity patients.

A man who tried to use the Fredericksburg hospital's online registration 
system for his expectant wife said the files for 803 patients were 
publicly available on the site.

On Friday, a hospital official described the breach as an "anomaly."

She said the man was the only person to see the files, that he opened 
only two of them and that he did not print or download any data.

"We believe that this is a one-time incident," said Kathleen Allenbaugh, 
hospital spokeswoman.

Hospital officials first learned of the breach when a Spotsylvania 
County sheriff's deputy notified them that the online registration 
feature at the MediCorp.org Web site was not working correctly.

Rebecca and Gary Dennison, a Spotsylvania couple, had contacted police 
after learning that their private medical information was visible on the 

Rebecca Dennison is expecting the couple's first child in November, and 
had preregistered online for her delivery.

Dennison said last week that a stranger who gave his name as "Mike" 
called her house the night of Saturday, Oct. 11, to tell her that he was 
looking at private information about her and her husband on the MediCorp 

The man knew the couple's Social Security numbers, phone numbers, 
address, insurance carrier, her birth date and her doctor's name.

She was concerned, she said, because her husband was in Delaware on 
business at the time.

"I was in shock," she said. "I didn't know what to do. It was 11 o'clock 
at night."

Dennison called her husband, who contacted the Sheriff's Office after 
talking with Mike. A Spotsylvania deputy called Mike and then called the 

Reached by phone last week, Mike said he was reluctant to talk about the 
incident, and agreed to do so only if his last name was not be used.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Mon Oct 20 2008 - 00:14:51 PDT

This archive was generated by hypermail 2.2.0 : Mon Oct 20 2008 - 00:21:11 PDT