Walter Reed patient data exposed
Sensitive data on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals might have been compromised, Walter Reed spokesman Chuck Dasey said.
The names of the patients, who are enrolled in the Military Health System, their Social Security numbers and birth dates were among the personally identifiable information in a computer file that was shared without authorization, officials said June 2.
The disclosure of the information raises the possibility that individuals named in the file could become victims of identity theft, so the hospital will offer them free credit-monitoring services, Dasey said.
Walter Reed officials said they became aware May 21 of the data breach by an outside company, which they did not identify. A preliminary investigation identified the computer from which the data was revealed, Dasey said.
Data security employees at Walter Reed and the Army Department are investigating the source and causes for the security breach, he said.
Hospital officials said they were beginning to contact the individuals listed in the file but added that it did not include protected health information, such as patients’ medical records, diagnoses or prognoses.
“The Walter Reed Army Medical Center has a robust information assurance program that meets all program standards and requirements,” Dasey said.
In 2006, the Office of Management and Budget directed agencies to strengthen data security policies and procedures in the wake of the theft of a Veterans Affairs Department laptop PC that contained sensitive information on millions of veterans. Law enforcement officials recovered the computer, and VA changed its policies and procedures in an effort to improve and enforce data security, first by centralizing its information technology authority under the department’s chief information officer.
OMB’s guidance includes encrypting personally identifiable information stored on mobile devices, reporting potential data breaches immediately and putting notification procedures in place. Agencies are also supposed to ensure that contractors who perform work for them follow the government’s data security policy.
Rep. Ike Skelton (D-Mo.), chairman of the House Armed Services Committee, said he is awaiting a report on the Army’s investigation into the incident at Walter Reed.
“It’s very troubling when private data is inappropriately released,” Skelton said in a statement. “We must ensure that personal information is protected and prevent any future compromise of patient records.”
Mary Mosquera is a reporter for Federal Computer Week.