News of the Day ... In Perspective08/7/2006
Georgetown University Hospital suspends e-prescribing
After a computer consultant stumbled upon an on-line cache of data belonging to thousands of patients, Georgetown University Hospital suspended a trial program of electronic prescription writing.
The leaked information included patients’ names, addresses, birth dates, and Social Security numbers, but not medical data or the drugs that were prescribed.
The hospital had securely transmitted the data to e-prescription provider InstantDx. But a consultant accidentally discovered the data on InstantDx’s computers while working to install medical software for a client.
“The breach highlights the liabilities of sharing private medical records with third parties as the industry crawls toward electronic record keeping,” writes Kevin Poulsen.
The incident also underscores the increasing exposure for security professionals. Bug-finders have recently lost jobs or faced criminal prosecution for going public with their discoveries.
The breach occurred with a popular software, called Medisoft, an all-in-one medical office suite capable of handling everything from appointments to billing. It is used by 70,000 practitioners worldwide.
“My home network is probably 10 times more secure,” said consultant Randall Perry, who discovered the problem (Kevin Poulsen, Wired News, Jul 25 2006).