Laureen OBrien, CIO of Providence Health & Services Oregon region, was in her office, just back from the 2006 New Years holiday. A phone call that Tuesday, Jan. 3, brought news that every CIO dreads. Someone had stolen a computer bag out of a systems analysts car four nights before.
Gone were 10 computer disks and tapes holding information on what would turn out to be more than 365,000 patients—everything from Social Security numbers and birth and death dates to diagnoses, prescriptions and insurance numbers.
Data on doctors was missing, too, including Medicare and Medicaid numbers, state license numbers, names, addresses and phone numbers.
As noted by state Attorney General Hardy Myers, who would soon open an investigation, this was the biggest data breach ever reported in Oregon.
The incident also exposed Providence to a relatively unknown, costly and potentially dangerous variation of ID theft—medical ID theft. Here, thieves can use stolen information to obtain treatment in victims names, corrupt their medical records and file false insurance claims.
People whose health records are stolen and falsified may get the wrong medical treatment, find their insurance exhausted or become uninsurable, says Pam Dixon, executive director of World Privacy Forum and author of a report, Medical Identity Theft: The Information Crime that Can Kill You. Medical ID theft “can affect your health and well-being,” she warns.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.