In recent years, Atlanta's Grady Memorial Hospital has made the news for its long-standing financial problems and board-room dramas. This time, however, it's a medical data breach that is bringing additional publicity to the hospital, which just took on a new CEO and is working to plug its financial holes.
The hospital recently found out that records on 45 of its patients ended up on an unsecured, publicly available website and remained available for a few weeks. The data included doctors' notes, medical conditions, diagnoses, documentation of medical procedures and possibly names and ages of patients, the hospital said.
When this was discovered, of course, the hospital yanked the records off of the public access area, but questions remained as to how the data got there. As readers won't be surprised to hear, this particular problem was caused by human error, not some form of outside attack.
The breach seems to have been a result of outsourcing. Grady had outsourced the job of transcribing the notes to one firm, which outsourced it to another--and then, the second firm outsourced it to a third in India.
To learn more about the breach:
- read this Atlanta Journal-Constitution article [1]
Related Articles:
NIH security breach includes data on U.S. Rep [2]
U.S. hospitals have security 'blind spot' [3]
More hospital data security breaches [4]
Johns Hopkins loses patient, employee data [5]
Links:
[1] http://www.ajc.com/search/content/metro/stories/2008/09/23/grady.html
[2] http://www.fiercehealthit.com/story/nih-security-breach-includes-data-on-u.s.-rep/2008-04-07
[3] http://www.fiercehealthit.com/story/u.s.-hospitals-have-security-blind-spot-/2008-04-14
[4] http://www.fiercehealthit.com/story/more-hospital-data-security-breaches/2006-11-06
[5] http://www.fiercehealthit.com/story/johns-hopkins-loses-patient-employee-data/2007-02-12