follow-up: Army Hospital Breach May Be Result of P2P Leak

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/document.asp?doc_id=155501

By Tim Wilson
Site Editor
Dark Reading
June 3, 2008

Peer-to-peer (P2P) applications may have been the culprit in a security 
breach that has exposed the personal information of more than 1,000 
patients at Walter Reed Hospital, according to early reports.

Names, Social Security numbers, birth dates, and other information was 
exposed through a single computer file, hospital officials said Monday. 
The file did not include information such as medical records, or the 
diagnosis or prognosis for patients, they said in an Associated Press 
report [1].

The officials declined to discuss the nature of the breach with AP, citing 
an ongoing investigation. However, according to an industry news report 
[2], Col. Patricia Horoho, commander of the Walter Reed Health Care 
System, posted a Website message yesterday which suggests a potential P2P 
leak.

"I need everyone to ensure that they are not loading or downloading 
programs that are not authorized by the command as it increases our 
vulnerability and possibly can cause a breach in protected information 
being shared," the message said. Horoho's message has since been pulled 
from the Walter Reed site, but the trade journal managed to get a screen 
capture [3] before the message disappeared.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml