Information Security News mailing list archives
Unprotected Voice System is Used by Many Hospitals Across the U.S.
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Tue, 28 Sep 1999 00:40:12 -0600
http://biz.yahoo.com/bw/990923/ca_zdtv_1.html Thursday September 23, 6:39 pm Eastern Time ZDTV CyberCrime News Team Advances Major Story on Medical Records Security Breach Unprotected Voice System is Used by Many Hospitals Across the U.S. SAN FRANCISCO--(BUSINESS WIRE)--Sept. 23, 1999--Today ZDTV has confirmed that St. Joseph's Mercy Hospital in Pontiac, Michigan, has suffered a major security breach that left certain confidential patient records accessible to the public. ZDTV's CyberCrime news team, Alex Wellen and Luke Reiter, determined the identity of the hospital after Emmanuel Goldstein, publisher of the hacker magazine and web site 2600.com, first alerted them to the security flaw. The hospital uses a voice mail service (internal digital dictating service) that allows doctors to record and access notes concerning patient examinations and consultations. The notes include information about patients, ranging from admission and discharge data, to cardiac and mental health records. 2600.com reported that a glitch in the hospital voice mail system allowed callers to access confidential patient records without a password or any other security roadblock. Goldstein first reported the flaw on public radio station WBAI's ``Off The Hook'' on September 21, but the hospital's identity was not known prior to ZDTV's investigation. Goldstein has published a sample audio file on the 2600.com Web site to alert the country to the problem, but left off the patient's name to protect the individual. Sonja Berry, PR Spokesperson for St. Joseph's Mercy Hospital said that after hearing about the problem from ZDTV, the hospital took immediate action to correct the situation and ensure that the private information is no longer available to outside callers. She said the hospital is now investigating to ensure the problem will never happen again. Berry told ZDTV she could not provide an explanation for the error, but confirmed that the dictation service was provided by Dictaphone Corporation of Stratford, Connecticut, and is used by other hospitals around the country. Dictaphone has been advised of the situation and is expected to respond to ZDTV's inquiries shortly. Details of this breaking story can be seen on the ZDTV News at 4:00 p.m. and 11:00 p.m. ET, ZDTV's CyberCrime web site at www.cybercrime.com, and heard on ZDTV Radio at www.zdtv.com/radio. [snip..] ISN is sponsored by Security-Focus.COM
Current thread:
- Unprotected Voice System is Used by Many Hospitals Across the U.S. mea culpa (Sep 27)