Walter Reed suffers peer-to-peer data breach
Unauthorized file-sharing is to blame for a data breach at Walter Reed Army Medical Center that exposed the personal information of nearly 1,000 patients.
Walter Reed officials said in a statement that they were notified of the possible breach on May 21 by an outside company. Preliminary results of an ongoing investigation have identified a computer from which the data was apparently compromised. Data security personnel from Walter Reed, located in Washington, D.C., and the U.S. Army continue to investigate the source and causes for the information compromise.
Victims, who are military health system beneficiaries, are being notified and offered credit monitoring services, the statement said.
“The disclosure of this information raises the possibility that individuals named in the file could become victims of identity theft,” the release said.
Other published reports stated that the file was found on a non-government, non-secure computer network.
The U.S. House of Representatives Armed Services Committee is awaiting the results of the Army's investigation into the situation, but it is troubling when private data is inappropriately released, committee chairman Ike Skelton, D-Mo., told SCMagazineUS.com on Tuesday.
“We must ensure that personal information is protected and prevent any future compromise of patient records,” he said.
The risk of data breaches will likely increase as the use of file-sharing software becomes more popular in the workplace, Kurt Johnson, vice president for business development at Courion, a provisioning and access compliance solutions firm, told SCMagazineUS.com on Tuesday.
“It's a great tool for sharing information when collaborating on a group project,” Johnson said. “But there isn't always a lot of control over who has access to the files and what information is being shared.”
The best way to protect data is develop certain rules and guidelines regarding file-sharing and then provide education on overall data security, Phil Neray, vice president of marketing at Guardium, a database security company.
“One of the biggest problems, however, is monitoring contractors,” Neray said. “Outsourcers are given access to a lot of information, and too often, they aren't being monitored.”