DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The real story doesn't require psychic powers

Posted on July 12, 2011 by Dissent

Since the story first broke yesterday, I’ve been somewhat fascinated by the case of a Colorado Springs nurse who has reportedly been fired for misusing/exceeding her access to Physician Link to access the records of 2,500 patients at Colorado Springs Hospital that she had no legitimate reason to access.

According to an updated version of their original news coverage:

Niell denied that she had accessed “anywhere close to“ 2,500 records but admitted to the Gazette Monday night that she did use the database for personal reasons, such as to look up the phone number of a friend that she had lost. However, she said that using the database that way is common practice for many in the medical community.

“That’s my crime, but as far as this other allegation, absolutely ridiculous. I wouldn’t dream of doing what they’re accusing me of,” she said. “I guarantee that accessing the database for stuff like that is rampant in the medical community. If you talked to other medical people, you’d find out that it’s pretty damn common.

“If they are going to get me for that, they would have to get a tremendous number of people for that.”

She said she is being investigated because her supervisors were uncomfortable with her psychic ability. Niell, who said she has had three near-death experiences, said she was often able to get a psychic reading from people she was around. Once, she said, she was recognized by the city after correctly warning a patient he was close to a heart attack and advised him to seek immediate treatment.

“The city gave me a plaque for life-saving intervention,” she said. “They liked it when it worked for them but didn’t like it when I made them uncomfortable.”

Niell said her supervisor was looking for a way to fire her after Niell told her about a possible life-threatening condition and the supervisor became angry. Niell admitted she later accessed the database to see if the supervisor heeded her advice and sought treatment.

City spokesman John Leavitt said Niell became a target of an investigation after her supervisor noticed unusual activity on the system, including how many times it was being accessed and from where it was being accessed. Memorial was notified on May 20.

I have no doubt that the nurse is right – that the problem of inappropriate access is rampant.  Which leads us to the real story here:  why was she able to access those records? What kind of authentication system does Physician Link use to ensure that only people who should be able to access a file are able to do so?  Logs can point out a problem after it happens, but what about prevention?

No related posts.

Category: Health Data

Post navigation

← Monsanto hacktivists dump some data as they ramp up
The Sun defends itself against accusations concerning Brown's child (updated with apology from The Guardian) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy
  • 70% of healthcare cyberattacks result in delayed patient care, report finds
  • Police disrupt “Diskstation” ransomware gang attacking NAS devices
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​
  • Fourth Circuit upholds West Virginia ban on abortion pills
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.