[Dataloss] follow-up: Army Hospital Breach May Be Result of P2P Leak

security curmudgeon jericho at attrition.org
Thu Jun 5 08:57:07 UTC 2008

---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>


By Tim Wilson
Site Editor
Dark Reading
June 3, 2008

Peer-to-peer (P2P) applications may have been the culprit in a security 
breach that has exposed the personal information of more than 1,000 
patients at Walter Reed Hospital, according to early reports.

Names, Social Security numbers, birth dates, and other information was 
exposed through a single computer file, hospital officials said Monday. 
The file did not include information such as medical records, or the 
diagnosis or prognosis for patients, they said in an Associated Press 
report [1].

The officials declined to discuss the nature of the breach with AP, citing 
an ongoing investigation. However, according to an industry news report 
[2], Col. Patricia Horoho, commander of the Walter Reed Health Care 
System, posted a Website message yesterday which suggests a potential P2P 

"I need everyone to ensure that they are not loading or downloading 
programs that are not authorized by the command as it increases our 
vulnerability and possibly can cause a breach in protected information 
being shared," the message said. Horoho's message has since been pulled 
from the Walter Reed site, but the trade journal managed to get a screen 
capture [3] before the message disappeared.


More information about the Dataloss mailing list