From: InfoSec News (alertsinfosecnews.org)
Date: Fri Mar 30 2007 - 01:37:09 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://abclocal.go.com/wls/story?section=local&id=5164853

By Ravi Baichwal
March 29, 2007

A Chicago hospital worker is charged with stealing patient information.
An emergency medical technician is accused of using his job to access
the sensitive data of at least eight patients at UIC Medical Center for
his own use. The EMT has been fired from the hospital.

A criminal investigation is underway as the UIC hospital warns other
patients about the security breach.

Officials at UIC Medical Center, an award-winning institution in the
field of computerized patient medical records, tell ABC7 the criminal
investigation was launched last month. They say they discovered an EMT
had improperly accessed patient records. That EMT is 28-year-old Leslie
Langford. He faces several charges including identity theft.

"We do take this very, very seriously and immediately responded as soon
as we were alerted to the investigation by UIC police," said Sherri
McGinnis Gonzalez, UIC spokesperson.

UIC says an EMT was fired last month as soon as it came to light that
eight patient medical records were inappropriately accessed by someone
with privileged access to those records.

The hospital has sent out letters to over 240 patients saying their
records may have been similarly breached and they should take steps to
avoid becoming victims of identity theft.

"The information that the employee had access to was demographic,
personal medical information, and we believe that person used that
information in an inappropriate manner," said McGinnis Gonzalez.

Exactly what that is the hospital would not explain, citing the criminal
investigation, but the hospital stressed this was not a case of a breach
of the system to the outside world.

"Administrators were able to look at the electronic medical records
system and actually track what records this employee had access to and
it actually helped in the investigation," said McGinnis Gonzalez.

But patient information is now out there. And one expert in identity
theft suggests UIC could be doing a lot more -- such as buying identity
and credit monitoring services for victims -- as one way to make up for
the fact that it is nearly impossible to insure those with access to
information don't succumb to the temptation to sell it.

"There is you know a clear exchange out there, almost like a stock
exchange in ideates, and the more information you have the more the
identities are worth, and in fact, if you go out there to the right
places looking for it, there is almost like a bid-ask situation out
there where there is a floating set of prices out there, 'I have this
many names, and this type of information, what can I get for it?' " said
Garnet Steen, RelyData.com.

"The nightmare scenario isn't just the consumer has some credit cards
opened up in their name, but somebody obtains medical services in their
name and that that medical information gets co-mingled with their own,"
said Steen. Leslie Langford is the son of Chicago Fire Department
Spokesman Larry Langford. Larry Langford told ABC7 this is a private
family matter and they are working with Leslie concerning this issue.

_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]