DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The real story doesn't require psychic powers

Posted on July 12, 2011 by Dissent

Since the story first broke yesterday, I’ve been somewhat fascinated by the case of a Colorado Springs nurse who has reportedly been fired for misusing/exceeding her access to Physician Link to access the records of 2,500 patients at Colorado Springs Hospital that she had no legitimate reason to access.

According to an updated version of their original news coverage:

Niell denied that she had accessed “anywhere close to“ 2,500 records but admitted to the Gazette Monday night that she did use the database for personal reasons, such as to look up the phone number of a friend that she had lost. However, she said that using the database that way is common practice for many in the medical community.

“That’s my crime, but as far as this other allegation, absolutely ridiculous. I wouldn’t dream of doing what they’re accusing me of,” she said. “I guarantee that accessing the database for stuff like that is rampant in the medical community. If you talked to other medical people, you’d find out that it’s pretty damn common.

“If they are going to get me for that, they would have to get a tremendous number of people for that.”

She said she is being investigated because her supervisors were uncomfortable with her psychic ability. Niell, who said she has had three near-death experiences, said she was often able to get a psychic reading from people she was around. Once, she said, she was recognized by the city after correctly warning a patient he was close to a heart attack and advised him to seek immediate treatment.

“The city gave me a plaque for life-saving intervention,” she said. “They liked it when it worked for them but didn’t like it when I made them uncomfortable.”

Niell said her supervisor was looking for a way to fire her after Niell told her about a possible life-threatening condition and the supervisor became angry. Niell admitted she later accessed the database to see if the supervisor heeded her advice and sought treatment.

City spokesman John Leavitt said Niell became a target of an investigation after her supervisor noticed unusual activity on the system, including how many times it was being accessed and from where it was being accessed. Memorial was notified on May 20.

I have no doubt that the nurse is right – that the problem of inappropriate access is rampant.  Which leads us to the real story here:  why was she able to access those records? What kind of authentication system does Physician Link use to ensure that only people who should be able to access a file are able to do so?  Logs can point out a problem after it happens, but what about prevention?

No related posts.

Category: Health Data

Post navigation

← Monsanto hacktivists dump some data as they ramp up
The Sun defends itself against accusations concerning Brown's child (updated with apology from The Guardian) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.