[Dataloss] follow-up: Army Hospital Breach May Be Result of P2P Leak
security curmudgeon
jericho at attrition.org
Thu Jun 5 08:57:07 UTC 2008
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.darkreading.com/document.asp?doc_id=155501
By Tim Wilson
Site Editor
Dark Reading
June 3, 2008
Peer-to-peer (P2P) applications may have been the culprit in a security
breach that has exposed the personal information of more than 1,000
patients at Walter Reed Hospital, according to early reports.
Names, Social Security numbers, birth dates, and other information was
exposed through a single computer file, hospital officials said Monday.
The file did not include information such as medical records, or the
diagnosis or prognosis for patients, they said in an Associated Press
report [1].
The officials declined to discuss the nature of the breach with AP, citing
an ongoing investigation. However, according to an industry news report
[2], Col. Patricia Horoho, commander of the Walter Reed Health Care
System, posted a Website message yesterday which suggests a potential P2P
leak.
"I need everyone to ensure that they are not loading or downloading
programs that are not authorized by the command as it increases our
vulnerability and possibly can cause a breach in protected information
being shared," the message said. Horoho's message has since been pulled
from the Walter Reed site, but the trade journal managed to get a screen
capture [3] before the message disappeared.
[..]
More information about the Dataloss
mailing list