One must not tinker with things that one doesn’t adequately understand. This is manifest in the case of a Columbia University Medical Center physician who tinkered with a server, leading to data leaks and an expensive $4.8 million settlement.
The interesting part is that the physician tried to deactivate and reconfigure a personally owned server linked to the New York Presbyterian network segment. In doing so, he inadvertently caused a massive leak of the personal data of the patients.
The attempt at reconfiguration resulted in some kind of error in the network, and the data that leaked as a result comprised the status, vital signs, lab results, medical details and other information about some 6800 patients. This data became available on the web and accessible to anyone.
The issue was discovered when the personal details of a deceased patient’s partner were accessible to him on the internet. This led to an investigation into the matter which has just concluded, costing a total of $4.8 million in a voluntary settlement. Of this sum, Columbia University Medical Center will pay $1.5 million while New York Presbyterian will cough up $3.3 million.
The investigation revealed a serious lack of security measures for patient data. In a statement issued by the two entities, they have also agreed to address this. According to this statement, “For more than three years, we have been cooperating with HHS by voluntarily providing information about the incident in question. We also have continually strengthened our safeguards to enhance our information systems and processes, and will continue to do so under the terms of the agreement with HHS.”
Courtesy: Computer World