[Dataloss] POTENTIAL data leakage from Wichita KS Medical group

Henry Brown hbrown at knology.net
Wed Jul 9 19:06:43 UTC 2008 

http://www.kansascw.com/Global/story.asp?S=8643448

The Wichita Radiological Group received an anonymous call saying their 
patient records may have been stolen. On Monday, the executive director 
reported the information to Wichita police.

According to the police report, the caller claims a former employee 
stole patient records before being fired from the Wichita Radiological 
Group. The caller said the former employee is now using patients' 
personal and financial information to pay bills.

The radiological group is not sure how much, if any information was 
stolen. So far, they have not found any evidence of the theft. But tens 
of thousands of patient records were in the database could have been 
compromised.

An attorney for the Wichita Radiological Group tells Eyewitness News 
they have launched an internal investigation. The group changed internal 
passwords to make sure no more records are accessed.

Wichita police say they need identity theft victims from the case to 
come forward before they can proceed in their investigation.

[...]
Statement from the Wichita Radiological Group:

"We are aware that allegations have been made regarding the actions of a 
former employee.  The allegations were made by an anonymous caller and, 
to date, we have not uncovered any evidence of wrongdoing.  However, we 
take these matters seriously and, as a result, have reported the 
allegations to the Wichita police and are conducting an internal 
investigation.  We have safeguards in place to protect the privacy and 
confidentiality of our patients' information, which safeguards meet or 
exceed the requirements of federal and state law.  In the event our 
investigation reveals that patient information was used or disclosed in 
violation of the law, we will take appropriate action and will notify 
those patients affected.  We would emphasize to the public that the 
person alleged to have been involved did not have access to any 
patients' medical charts."

[...]

More information about the Dataloss mailing list