Providence Health Exposes Data On Another 250 Patients

By Deborah Gage  |  Posted Friday, August 17, 2007 23:08 PM

Personal healthcare information seems to be flying out of control.

Providence announced this month that a laptop holding names, medical record numbers, dates of birth, referrals and diagnoses on 250 patients disappeared in Anchorage, Alaska. Social Security numbers and addresses might be gone, too.

In 2006, Providence was responsible for the biggest known data breach in the state of Oregon, which we wrote about here. Tapes containing records on nearly 400,000 patients going back 20 years were stolen from an employee's car. A lawsuit by patients charging negligence is still going on.

Providence doesn't know if this laptop, which belonged to the radiology department, was stolen or lost, says Tom Johnson, a spokesman. He declines to explain what happened.

Healthcare breaches are on track to go up this year, according to data from Privacy Rights Clearinghouse. Baseline's story on Providence, published in December, cited 55 breaches of healthcare data in the U.S. last year. The FBI told Baseline it was expecting a "crime wave" of healthcare fraud.

Last month, the House Oversight and Government Reform Committee was told that medical information is leaking out over peer-to-peer networks, which people often use to share music and forget to close. The CEO of a company that sells technology to solve this problem, Tiversa, showed Congress how the networks leak. Tiversa does not name its customers, but claims to monitor information leaks for top companies and government agencies. Howard Schmidt, former cybersecurity adviser to President Bush and a Tiversa board member, has been talking about this problem for more than a year.

Among the search strings Tiversa discovered are "medical passwords," "hospital records" and "classified medical records." Other classified government documents were available, too.