Jim Hall reports:
A security breach in an online computer system at Mary Washington Hospital exposed the private medical information of some of its maternity patients.
A man who tried to use the Fredericksburg hospital’s online registration system for his expectant wife said the files for 803 patients were publicly available on the site.
On Friday, a hospital official described the breach as an “anomaly.”
She said the man was the only person to see the files, that he opened only two of them and that he did not print or download any data.
“We believe that this is a one-time incident,” said Kathleen Allenbaugh, hospital spokeswoman.
Hospital officials first learned of the breach when a Spotsylvania County sheriff’s deputy notified them that the online registration feature at the MediCorp.org Web site was not working correctly.
Read more in The Free Lance-Star
These data breaches and thefts are due to a lagging business culture. As CIO, I’m always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading (specific chapters, depending on the nature of projects) is “I.T. Wars: Managing the Business-Technology Weave in the New Millennium.” It has a great chapter regarding security (among others).
We keep a few copies kicking around – it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.
The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from one of our interns who attended a course at the University of Wisconsin, where the book is in use; I like to pass along things that work, in the hope that good ideas continue to make their way to me. I hope you can make use of this info…