Hacker Accessed Patient Records at Washington Hospital
A computer hacker accessed large portions of the University of Washington Medical Center's computer network earlier this year and downloaded admissions records for 4,000 cardiology patients, MSNBC.com reports (Sullivan, MSNBC.com, 12/6). The hacker, a 25-year-old Dutch man, told the security news Web site SecurityFocus.com that he was able to review files that catalogued patients' names, addresses, birthdates, social security numbers, height and weight, along with each medical procedure performed. In addition to the cardiology records, the hacker also said that he was able to access similar information on 700 physical rehabilitation patients, as well as a third file chronicling every admission, discharge and transfer within the hospital across a five-month period. The hacker said the intrusions began in June and continued until mid-July, when network administrators detected him and cut him off. He intended his infiltration to be a "renegade public service aimed at exposing the poor security surrounding medical information," SecurityFocus.com reports, also noting that university hospitals "tend to adopt the relaxed security posture of academia" (Poulsen, SecurityFocus.com, 12/6). University officials said they were aware the computers had been invaded over the summer but they were not sure whether or not electronic records had been stolen until "a reporter sent them a copy of one record last Thursday. Janlori Goldman, director of Georgetown University's health privacy project said, "Right now we've got a huge push to put patients' records online so that doctors, hospitals and health plans can quickly and cheaply share information," adding, "It is irresponsible to go forward without strong and enforceable privacy and security laws, which we don't have at the federal level yet" (O'Harrow,
San Francisco Chronicle 12/9).