[ insider_reports_insider ]
Tokyo Doc Loses Patient Information
David Utter
Staff Writer
2007-01-18
 Insider Reports RSS Feed
A physician with the University of Tokyo Hospital placed personal information about 150 patients on his home computer, only to have that data leaked online.
 | | Tokyo Doc Loses Patient Information |  |
Private information and personal computers are not chocolate and peanut butter; they don't go together. But people keep thinking they won't be the ones to make the kind of mistakes other people have in inadvertently putting that data at risk.
The report in question said the doctor had a backup file containing patient information from about 10 years ago. He had treated the patients at the University and three other hospitals.
That file probably sat dormant all those years until someone placed file-sharing software on the computer.
After that, the data could be viewed for around a five hour period.
The information included names and birth dates, and medical records.
Details are not clear about the whole issue. On a ten-year old computer, it is difficult to imagine modern file-sharing software running on it, although ftp could be an option.
It seems more likely the patient information was ten years old, but placed on a newer computer.
No accounts of misuse of the data have emerged yet, according to the University hospital. They claimed that they "prohibit in principle" the practice of taking personal information out of the hospital.
Principles are good to have, but in an age where a little personal information can lead to a big identity theft, clearly defined policies against that usage need to be in place too. Maybe the doctor just didn't think about, or even forgot, the backup.
Security pros do need to think about these things. It may be a good idea to check with employees to find out if sensitive information has been removed from an enterprise.
Well-meaning workers who want to do a good job probably don't see the harm in doing so.
They should not be prohibited from working effectively. If there is a need for access to such data, the implementation of a managed solution like VPN should be used.
Control of the information needs to rest with the company, and not an individual employee.
In the United States, trends on identity thefts have indicated they will continue to spiral upward. A 250 percent rise in keyloggers and an ever-increasing number of phishing attempts figured prominently in 2006.
Any data left unprotected will be attractive to criminal types. Between February 15, 2005 and April 28, 2005, figures from the Privacy Rights Clearinghouse cited 31 cases of personal data theft, affecting almost 3.5 million people. All in a mere 10 weeks.
---
Tag: Information Security
Add to  Del.icio.us |  Digg |  Reddit |  Furl
Get all the updates - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
