Walter Reed suffers peer-to-peer data breach

Share this article:

Unauthorized file-sharing is to blame for a data breach at Walter Reed Army Medical Center that exposed the personal information of nearly 1,000 patients.

Walter Reed officials said in a statement that they were notified of the possible breach on May 21 by an outside company. Preliminary results of an ongoing investigation have identified a computer from which the data was apparently compromised. Data security personnel from Walter Reed, located in Washington, D.C.,  and the U.S. Army continue to investigate the source and causes for the information compromise.

Victims, who are military health system beneficiaries, are being notified and offered credit monitoring services, the statement said.

“The disclosure of this information raises the possibility that individuals named in the file could become victims of identity theft,” the release said.

Other published reports stated that the file was found on a non-government, non-secure computer network.

The U.S. House of Representatives Armed Services Committee is awaiting the results of the Army's investigation into the situation, but it is troubling when private data is inappropriately released, committee chairman Ike Skelton, D-Mo., told SCMagazineUS.com on Tuesday. 

“We must ensure that personal information is protected and prevent any future compromise of patient records,” he said.

The risk of data breaches will likely increase as the use of file-sharing software becomes more popular in the workplace, Kurt Johnson, vice president for business development at Courion, a provisioning and access compliance solutions firm, told SCMagazineUS.com on Tuesday.

“It's a great tool for sharing information when collaborating on a group project,” Johnson said. “But there isn't always a lot of control over who has access to the files and what information is being shared.”

The best way to protect data is develop certain rules and guidelines regarding file-sharing and then provide education on overall data security, Phil Neray, vice president of marketing at Guardium, a database security company.

“One of the biggest problems, however, is monitoring contractors,” Neray said. “Outsourcers are given access to a lot of information, and too often, they aren't being monitored.”

 

 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.