
SoylentNews is people

posted by martyb on Friday May 09 2014, @01:33PM
from the first-do-no-harm dept.

An inadvertent data leak that stemmed from a physician's attempt to reconfigure a server cost New York Presbyterian Hospital and Columbia University Medical Center $4.8 million to settle with the U.S. Department of Health and Human Services (HHS). The hospitals and HHS announced the voluntary settlement, which ends an inquiry into the incident, on Wednesday.

From the article:

The breach occurred in 2010 after a physician at Columbia University Medical Center attempted to "deactivate" a personally owned computer from a New York Presbyterian network segment that contained sensitive patient health information, according to the HHS.

In a joint statement, the two hospitals blamed the leakage on an "errantly configured" computer server. The error left patient status, vital signs, laboratory results, medication information, and other sensitive data on about 6,800 individuals accessible to all via the Web.

New York Presbyterian will pay $3.3 million, while Columbia will pay $1.5 million to settle the complaint. The hospitals also agreed to take "substantive" corrective action, including development of a new risk management plan and new policies and procedures for handling patient data. HHS will also be provided with periodic progress updates under the agreement.

 
  • (Score: 2) by The Archon V2.0 on Friday May 09 2014, @08:08PM

    by The Archon V2.0 (3887) on Friday May 09 2014, @08:08PM (#41375)

    Oh, good lord, one of those. Takes a decade to get where he is, then spends a weekend reading a "For Dummies" book and decides he can do the job someone else took a decade to get to.

    (That is a snap judgement, I admit. To be fair, he could be a coder who went back to school and became an MD. I mean, it's possible. I suppose that happened. Once. Maybe.)

  • (Score: 1) by SecurityGuy on Friday May 09 2014, @08:19PM

    by SecurityGuy (1453) on Friday May 09 2014, @08:19PM (#41380)

    It still highlights why there is and should be a separation of duties. If you're both the guy charged with "getting things done" and securing the data, sooner or later you're going to cut corners.

    "Dammit, I don't know why this isn't working but I need it to work RIGHT NOW! Lemme just turn the firewall off and see if that fixes it...it does! Great, I'll fix it for real later." Then you never turn the firewall back on because you're busy fighting the next fire(s).