E-Health Trial Puts Patient Data At Risk
Quick Facts
- Date: 7/25/2006
- Institution: Georgetown University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 5,600 to 23,000
- Source: Attrition.org
- Abstract Source: Wired
Abstract
A trial run of an electronic prescription-writing program ends in the accidental exposure of 5,600 to 23,000 Georgetown University Hospital patient data. The patient information was exposed online due to a hard-coded database password. While no medial data was exposed, names, addresses, Social Security numbers, and dates of birth were available. This flaw in the online system was discovered by a computer consultant while working to install the medical software, InstantDx, for a client. There is no evidence that any unauthorized individuals had access the Georgetown University Hospital information but the Hospital has suspended the trail program.
InstantDX was quick to accept responsibility and has since secured its systems. The company chairman and CEO Allan Weinstein calls the incident "a one-time quirk."
