Your Health

Thieves, Hackers And Health Workers Want A Peek At Your Medical Records

We find the feds' public list of big breaches of patient confidentiality to be almost as gripping and disturbing as the police blotter in our local paper.

Toy soldiers protect a computer hard drive from an attack by toy pirates. i i

Attacks on your health data can come from some surprising places. hide caption

itoggle caption
Toy soldiers protect a computer hard drive from an attack by toy pirates.

Attacks on your health data can come from some surprising places.

Don't believe us? Check out the latest additions to the running roundup of problems affecting 500 or more people, which have to be reported to the Department of Health and Human Services.

Leading off, Tomah Memorial Hospital in Wisconsin, where a nurse in the ER allegedly tapped into the electronic records of 600 patients so she could get narcotics, the La Crosse Tribune reports.

The hospital said the only effect on patients may have been incorrect bills, something the hospital was working on resolving. The nurse was arrested late last month and charged with diverting narcotics; she is scheduled to appear in county court next week.

In Connecticut, Griffin Hospital says a radiologist who used to work there logged into the computerized system for storing medical images and looked at records of hundreds of patients. Griffin says it learned of the problem when some patients reported "unsolicited contact by the physician who offered to perform professional services" at a rival hospital.

The radiologist lost medical privileges at Griffin in early February and allegedly started trolling through patients records the next day. After investigating, Griffin concluded patients' financial info and Social Security numbers weren't compromised. The hospital notified 957 patients about the problem and said it regretted the breach.

At the University of New Mexico Health Sciences Center, a "serious cyber attack" on two computers at a health clinic by "sophisticated types of malware" may have compromised some personal info of about 1,900 people, the university said.

Many of the recent incidents on the HHS list involve thefts of computer equipment, including laptops and hard drives, but there are also quite a few that cite the loss or theft of paper records, including a report by the University of Pittsburgh Student Health Center of a March breach affecting 8,000 people.

So it may be more convenient for bad guys to walk off with a USB flash drive or to remotely hack into an electronic records system chock full of medical info, but lifting old-fashioned paper files never seems to go out of fashion.



Please keep your community civil. All comments must follow the Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.