Security breach at Concord Hospital

[error]

This is what government interference in health care and computer security gets you. And don't forget that national ID number, the SSN.

Security breach exposes Concord Hospital patient data

A security lapse exposed the personal information of more than 9,000 Concord Hospital patients, leaving their names, addresses, dates of birth and social security numbers unprotected on the internet "for a period of time," the Concord Monitor has learned. The hospital notified patients of the problem today, more than a week after the hospital found out about the security lapse from a subcontractor that handles its online billing, according to a hospital statement released to the Monitor.

No credit card information was exposed and, to the hospital's knowledge, no personal health information was at risk or compromised, according to a statement released to the the Monitor yesterday afternoon. "Our patients' privacy is of the utmost importance, and we will remain diligent in our efforts to prevent this type of breach for ever occurring again," said Hospital President and CEO Michael Green.

A Washington-based company called Verus Inc. notified Concord Hospital May 30 that an unintentional lapse had occurred in the data security procedures when the company turned off a firewall for maintenance purposes. As soon as the lapse was identified, the problem was corrected and the personal information at risk was immediately secured, according to the statement.

The web component that allows patients to view and pay their bills online has currently been shut off. The hospital has also established telephone hotlines for patients with questions. Those numbers are 603-230-7399 or toll free at 1-866-518-7587.

[penguins4me]

At this point, I just have to assume that any two-bit computer cracker has all my pertinent info stashed in one of many databases somewhere. With the identification also being the authentication, you have a completely broken model - "they" know, "they" don't care.

The good news? Those two-bit crackers also have everyone else's info, so chances are good that you'll be dead by the time they woirk their way down the list to you, unless you have the misfortune to have the surname Aarvark, or some such.

[d_goddard]

At this point, I just have to assume that any two-bit computer cracker has all my pertinent info stashed in one of many databases somewhere.

Not really.
Aside from fairly uncommon breaches like this one, a lot depends on how careful you are with your information.
http://www.nhliberty.org/nh_id_theft

What blows my mind is that the shut down the firewall at all for "routine maintenance"... hello?

[lildog]

Based on the hoops I had to jump through while doing anything with medical data when I worked with it in CT I'm shocked at this story.  I wasn't even allowed a printout on my desk if it had anything personal on it if I wasn't sitting right there at the time.  They'd even had people check up on things like that.

And to actually access the data forget it!  We had to carry cards that you put in a special drive in your PC just to gain access to the SQL database and then that was shut up tighter then a frogs ass.

[d_goddard]

access to the SQL database and then that was shut up tighter then a frogs ass.

That's what a lot of civilians believe about their databases