Walter Reed says patient data may be compromised

June 2, 2008

By Jennifer C. Kerr

Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, sparking identity theft concerns and an investigation by the Army.

Names, Social Security numbers, birth dates and other information was released, hospital officials said Monday. The computer file that was breached did not include information such as medical records, or the diagnosis or prognosis for patients, they said.

The disclosure marked the latest in a series of breaches of government computer records.

Walter Reed officials declined to explain exactly how the information was compromised, pending an ongoing investigation by the hospital and the Army. They would only say that the computer file was found on a "non-government, non-secure computer network."

The medical center learned of the breach on May 21 from an outside data mining company, which officials did not identify. They said the company was working for another client, found the file and contacted Walter Reed.

The hospital said it is working to notify all of the people named in the data file. Letters or e-mails were being sent out, beginning Monday. Officials declined to say how many patients were from Walter Reed and how many were from other military hospitals.

The chairman of the House Armed Services Committee, Rep. Ike Skelton, D-Mo., said he wants to hear from the Army about its investigation.

"It's very troubling when private data is inappropriately released," Skelton said. "We must ensure that personal information is protected and prevent any future compromise of patient records."

Walter Reed plans to offer free credit protective services to patients whose information was revealed.

The hospital also has set up a hot line for people to call to see if their information was disclosed (1-877-854-8542, ext. 9).

The federal government has been stung by a rash of data breaches in recent years.

_At the Agriculture Department, a hacker broke into the computer system in June 2006 and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.

_The Veterans Affairs Department acknowledged a massive breach in May 2006, in which personal data on up to 26.5 million veterans was lost.

_At the Health and Human Services Department, personal information for nearly 17,000 Medicare beneficiaries may have been compromised in early 2006 when an insurance company employee called up the data through a hotel computer but didn't delete the file.

_At the Energy Department, Social Security numbers and other data for about 1,500 people working for the National Nuclear Security Administration may have been compromised when a hacker gained entry to its computer system in 2005.

main page ATTRITION feedback