Controversy surrounds Royal Perth computers and patients
Technorati Tag: Security Breach
Date Reported:
4/5/08
Organization:
Royal Perth Hospital
Contractor/Consultant/Branch:
None
Victims:
Patients
Number Affected:
Unknown
Types of Data:
"Personal information, including patient names and addresses, dates of birth, medical conditions and patient numbers"
Breach Description:
"WA POLICE are investigating claims by The Sunday Times that the newspaper was able to access private details of hospital patients from old computers found dumped outside a hospital."
Reference URL:
The Sunday Times
The Courier Mail
Report Credit:
Paul Lampathakis, The Sunday Times
Response:
From the online sources cited above:
CONFIDENTIAL patient details are being left on old computers dumped in an open skip bin in a busy laneway at Royal Perth Hospital
Personal information, including patient names and addresses, dates of birth, medical conditions and patient numbers, was accessed with ease by The Sunday Times this week.
Sources say up to 500 computers have been dumped in the bin, pending collection, since November.
[Evan] It would be nice to have a picture of how these computers were just left in the open. Obviously (maybe not so) discarding computers with sensitive information still on them is a very poor information security practice.
Sources also claimed computers had been sent to auction yards in the past without their hard drives wiped clean.
The hospital yesterday denied this, saying the computer hard drives were cleaned and the computers were collected every day by contractors to be crushed.
[Evan] If the "computer hard drives were cleaned", then how was The Sunday Times able to get the sensitive information and if the computers are "collected every day" then how was it reported that they had been there since November? Who is right?
Health Minister Jim McGinty last night accused The Sunday Times of stealing the computers and hacking into their contents.
The Sunday Times editor Sam Weir rejected the allegations. He said The Sunday Times observed the computers in the bin for several days, easily available for anyone to pick them up.
WA Health Minister Jim McGinty said he had referred the matter to police and wanted an investigation into how the information was obtained.
"We guard very closely medical records and they were not in any sense exposed other than to a criminal act,'' Mr McGinty told ABC Radio.
[Evan] According to Mr. McGinty, we are to believe that The Sunday Times hired a thief to steal computers so that they could write a story?
"What is staggering is that Mr McGinty appears to have far less concern for the patients whose private records have been dumped in this way and far more interest in shooting the messenger who has exposed this disturbing practice," Mr Weir said.
Sources said it was frightening that computers with such information were sitting in a well-used area where anyone could pick them up. It was a big concern that they might have been on-sold with the information still on them.
Workers at a second-hand computer business said they had received computers from RPH in the past. They said it was the previous user's responsibility to clean information off hard drives.
It is unclear how many of the computers contained confidential records.
A hospital spokeswoman said RPH had a contract with a scrapmetal company that crushed all hospital computers to ensure all data was destroyed.
"The only way to get a computer containing patient details is illegally,'' she said.
[Evan] I am very interested to hear the outcome of the police investigation. How does the hospital claim that the computers and information were obtained illegally?
Government sources tipped off The Sunday Times about the slack security because they were furious that patients' personal information was left out in the open.
[Evan] "Government sources"? Why wouldn't the government just begin their own investigation?
About six weeks ago a man was seen stuffing computer parts into a bag before taking off on a motor cycle.
"There's got to be a policy against that happening. But, as usual in these times, they (the Health Department) will just be looking for the source of the information rather than trying to solve the problem.''
One of the hundreds of letters on computer files seen by The Sunday Times gives the name, address, date of birth, patient number and treatment details of Forrestfield pensioner Robert Hunt.
Victim Reaction:
When contacted, Mr Hunt said: "This is pretty bad. That sort of information, the wrong people can do all sorts of things with it.
"It shouldn't be just lying around like that. It should be brought to the attention of the Government"
[Evan] According to the news report, much of this story originated from government sources.
Commentary:
This is a very interesting "he said, she said" story. I don't recall ever reading a breach like this one. I am left with many questions and I'm not really sure what to believe. I am leaning towards believing The Sunday Times.
Past Breaches:
Unknown
Date Reported:4/5/08
Organization:
Royal Perth Hospital
Contractor/Consultant/Branch:
None
Victims:
Patients
Number Affected:
Unknown
Types of Data:
"Personal information, including patient names and addresses, dates of birth, medical conditions and patient numbers"
Breach Description:
"WA POLICE are investigating claims by The Sunday Times that the newspaper was able to access private details of hospital patients from old computers found dumped outside a hospital."
Reference URL:
The Sunday Times
The Courier Mail
Report Credit:
Paul Lampathakis, The Sunday Times
Response:
From the online sources cited above:
CONFIDENTIAL patient details are being left on old computers dumped in an open skip bin in a busy laneway at Royal Perth Hospital
Personal information, including patient names and addresses, dates of birth, medical conditions and patient numbers, was accessed with ease by The Sunday Times this week.
Sources say up to 500 computers have been dumped in the bin, pending collection, since November.
[Evan] It would be nice to have a picture of how these computers were just left in the open. Obviously (maybe not so) discarding computers with sensitive information still on them is a very poor information security practice.
Sources also claimed computers had been sent to auction yards in the past without their hard drives wiped clean.
The hospital yesterday denied this, saying the computer hard drives were cleaned and the computers were collected every day by contractors to be crushed.
[Evan] If the "computer hard drives were cleaned", then how was The Sunday Times able to get the sensitive information and if the computers are "collected every day" then how was it reported that they had been there since November? Who is right?
Health Minister Jim McGinty last night accused The Sunday Times of stealing the computers and hacking into their contents.
The Sunday Times editor Sam Weir rejected the allegations. He said The Sunday Times observed the computers in the bin for several days, easily available for anyone to pick them up.
WA Health Minister Jim McGinty said he had referred the matter to police and wanted an investigation into how the information was obtained.
"We guard very closely medical records and they were not in any sense exposed other than to a criminal act,'' Mr McGinty told ABC Radio.
[Evan] According to Mr. McGinty, we are to believe that The Sunday Times hired a thief to steal computers so that they could write a story?
"What is staggering is that Mr McGinty appears to have far less concern for the patients whose private records have been dumped in this way and far more interest in shooting the messenger who has exposed this disturbing practice," Mr Weir said.
Sources said it was frightening that computers with such information were sitting in a well-used area where anyone could pick them up. It was a big concern that they might have been on-sold with the information still on them.
Workers at a second-hand computer business said they had received computers from RPH in the past. They said it was the previous user's responsibility to clean information off hard drives.
It is unclear how many of the computers contained confidential records.
A hospital spokeswoman said RPH had a contract with a scrapmetal company that crushed all hospital computers to ensure all data was destroyed.
"The only way to get a computer containing patient details is illegally,'' she said.
[Evan] I am very interested to hear the outcome of the police investigation. How does the hospital claim that the computers and information were obtained illegally?
Government sources tipped off The Sunday Times about the slack security because they were furious that patients' personal information was left out in the open.
[Evan] "Government sources"? Why wouldn't the government just begin their own investigation?
About six weeks ago a man was seen stuffing computer parts into a bag before taking off on a motor cycle.
"There's got to be a policy against that happening. But, as usual in these times, they (the Health Department) will just be looking for the source of the information rather than trying to solve the problem.''
One of the hundreds of letters on computer files seen by The Sunday Times gives the name, address, date of birth, patient number and treatment details of Forrestfield pensioner Robert Hunt.
Victim Reaction:
When contacted, Mr Hunt said: "This is pretty bad. That sort of information, the wrong people can do all sorts of things with it.
"It shouldn't be just lying around like that. It should be brought to the attention of the Government"
[Evan] According to the news report, much of this story originated from government sources.
Commentary:
This is a very interesting "he said, she said" story. I don't recall ever reading a breach like this one. I am left with many questions and I'm not really sure what to believe. I am leaning towards believing The Sunday Times.
Past Breaches:
Unknown
Posts Atom 1.0
Comments