P2P networks rife with sensitive health care data, researcher warns Page 1 sur 3

Home News Blogs White Papers Newsletters IT Careers

News Blogs P2P networks rife with sensitive health care data, researcher Shark Bait Knowledge Centers warns Operating Systems Networking & Internet Data leaks could be significant threat to patients, providers, Mobile & Wireless Dartmouth study finds

Security Cybercrime & Hacking By Jaikumar Vijayan Comments 6 Recommended 32 Share Spam, Malware & Vulnerabilities Security Hardware & Software Standards & Legal Issues January 30, 2009 () Eric Johnson didn't have to break into a computer to Privacy Intellectual Property & DRM gain access to a 1,718-page document containing Social Security numbers, dates of birth, Disaster Recovery insurance information, treatment codes and other health care data belonging to about Storage 9,000 patients at a medical testing laboratory. Business Intelligence Nor did he need to ransack a health care facility to lay his hands on more than 350MB of Servers & Data Center sensitive patient data for a group of anesthesiologists or to get a spreadsheet with 82 fields Hardware of information on more than 20,000 patients belonging to a health system. Software Development In all instances, Johnson was able to find and freely download the sensitive data from a Careers peer-to-peer file-sharing network using some basic search terms.

Management Johnson, a professor of operations management at the Dartmouth College Tuck School of Government Business, did the searches last year as part of a study looking at the inadvertent Opinion hemorrhaging of sensitive health care data on Comments Columnists Related Internet file-sharing networks. RESOURCE ALERTS SharkTank to receive Security Resource Alerts Webcasts Active Comments The results of that study, which are scheduled to Video be published in the next few days, show that data Podcasts Dave C says: The ITSec people leaks over P2P networks involving the health care White Papers at these orgs should be doing sector pose a significant threat to patients, the following: 1. Awareness Webcasts Computerworld Reports providers and payers, Johnson said. Zones training - ensure staff who handle sensitive... "When you start thinking about the nature of these Dynamic Data Center and Virtualization Drives Operational Case Study Library Read the rest | Reply disclosures, it's far more worrisome" than Excellence at Emory Healthcare RSS Feeds compromises such as those involving payment Events David says: Unfortunately, we How to Future-proof for Mobility: An Integrated Management and card data, he said. Face to Face are beginning to see the down Security Strategy side of consumer computing. I Virtual "Here you are leaking not just detailed personally Preparing for PCI 1.2 Web Seminar won't say the majority, but I identifiable information but also very personal Industry would... medical information related to patients," Johnson Print Subscriptions Read the rest | Reply said. Such data can be readily used by hospital Whitepapers

All Comments (6) | Post New employees, the uninsured, organized crime rings, Ritz Camera Centers Snap "Common Sense" Image for PCI illegal aliens and drug abusers for medical identity Compliance theft, and to fraudulently obtain costly medical

Zone services and prescription drugs, he said. And while Performance Monitor: ERP at the Speed of Light such fraud can cost millions, there is less Product Guide: Oracle ONE - Product Review The Security monitoring for such fraud in the health care Zone industry than there is in the financial sector. With the mobility Computerworld Reports of employees and P2P networks allow Internet users to share music, the ease with which external devices video and data files with others on the network. can be brought in and out of a network, Trend Micro Gets Smart with a Hybrid Approach Normally, popular P2P clients -- such as Kazaa, continuing to build your security plan Computerworld Technology Briefing: Intelligent Users Use for network servers and clients is a LimeWire, BearShare, Morpheus and FastTrack -- must. Fortunately, there is much that let users download files and share items from a Business Intelligence organizations can do to protect particular folder. But if proper care isn't taken to Trend Micro Gets Smart with a Hybrid Approach themselves from attacks - internal and control the access that these clients have on a external. Having the right policies, procedures and server configurations is system, it is easy to expose far more data than critical... intended. Editor's Picks Learn more in The Security Zone For example, Dartmouth conducted a similar study

about 18 months ago and found volumes of EU's charges against Microsoft over IE 'just silly,' says expert See All Zones sensitive financial data on P2P networks as a As window closes on Vista, Microsoft makes last-ditch corporate result of inadvertent data leakage. At a push congressional hearing in July 2007, security experts testified that millions of documents, including sensitive military and government Security expert says Microsoft should cut IE's links to Windows documents, were being leaked on P2P networks. Even pharmaceutical giant Pfizer Inc. became a victim when an employee illegally installed a P2P client on a company computer Eyeing Intel, Nvidia's Ion wins three votes of confidence and exposed personal data belonging to 17,000 employees.

Report: Free Windows 7 upgrades to run until January 2010 1 2 Next »

Solid-state disks offer 'fast erase' features

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articl... 12/02/2009 P2P networks rife with sensitive health care data, researcher warns Page 2 sur 3

Make a Comment Recommend Story Slashdot this Digg this

Print Story Send Feedback Email this Reprints

Sign up for the Computerworld Daily newsletter.

Email:

Related Content

Webcast: Preparing for PCI 1.2 Web Seminar

Whitepaper: Product Guide: Oracle ONE - Product Review

CW Report: Trend Micro Gets Smart with a Hybrid Approach

Intel taps P2P technology for cancer research

Users look to harness PCs for big processing jobs Web Developer MeshNetworks partners for mobility Arlington, VA Grid-computing software hitchhikes on Kazaa Infrastructure Developers needed for ... RIAA gets a chance to overturn video streaming order in music piracy case NYC

Systems Engineer Fort Myers, FL 21st Century Oncology Today's Top Stories Lead Developer EU's charges against Microsoft over IE 'just silly,' says expert New York, NY

As window closes on Vista, Microsoft makes last-ditch corporate push More Jobs | Post A Job Security expert says Microsoft should cut IE's links to Windows

Eyeing Intel, Nvidia's Ion wins three votes of confidence

Report: Free Windows 7 upgrades to run until January 2010

Solid-state disks offer 'fast erase' features Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place What People Are Saying See comments | Add new for you to sound off about everything IT – the VMworld Europe | Cannes | 24-26 good, the bad, and the rest of the weird stuff Feb - REGISTER NOW you deal with every day. Join Europe's Largest Virtualisation All I can say is lawsuit... Rate this Community. Discover New Products, Best Practices and More. Submitted by Anonymous on January 30, 2009 - 16:56. New baits Why a CMDB? I can't stand lawsuits in general but this is exactly when one should IT best practices (ITIL) have shown The more that changes... the benefits of a CMDB. Click for be used to force compliance. FBI should be involved in tracing the My favorite users whitepapers. IPs to physical locations and heads should roll. Rated +2 6 Votes phishing for users Understand Enterprise IP Telephony - Free eBook reply | report this comment Free eBook: 11 Chapters on IP

Telephony. 96 page Enterprise Deployment Guide.

Need Help Deploying or Oops what was I thinking.. Rate this Supporting CA SiteMinder? Professional, Affordable Enterprise Submitted by Anonymous on January 30, 2009 - 16:59. Security Expertise from an Award- Winning Team. I almost forgot, unless there is movies or mp3 being shared from Buy Windows Server Backup the same IP authorites won't get involved. Stupid me.... Software & Get 2nd Free Rated +2 Security and Trust: The Backbone of Doing Business over the Backup without the Backup Window. reply | report this comment 6 Votes Recover Instantly from Any Failure. Internet Try it FREE for 30 days! Earning the trust of online customers is vital for the success of any company that requires sensitive data

Consumer Computing Rate this to be transferred over the internet. With VeriSign you See your link here can put technology in place to help your online Submitted by David on January 30, 2009 - 17:52. business protect customer data and build consumer Unfortunately, we are beginning to see the trust. Learn how with this white paper. Download this white paper now! Subscribe to our e-mail down side of consumer computing. I won't say the newsletters majority, but I would guess a large portion of Rated +3 3 Votes For more info on a specific the population sees the off-the-shelf PC at any newsletter, click the title. Details will be displayed in a new window. retailer as not being much different than a TV, just plug it in and it's ready to go. Then comes Finance the easy to load software, perhaps downloaded for IT Blogwatch: ...Read the entire comment Security Kindle 2 to fan flames for e-books? We're reading up on Amazon's "new, improved" e-book Computerworld Daily News (First reply | report this comment reader. ... [more] Look and Wrap-Up) Computerworld Blogs Newsletter

The Weekly Top 10

See comments | Add new White Papers

More E-Mail Newsletters Read up on the latest ideas and technologies from companies that sell hardware, software and Enter E-mail Address services.

A Better Way to Manage Data in Virtualized Environments with CommVault® Simpana® Universal Virtual Server Agent Subscribe to Computerworld Business Continuity - Are you Always Open for Business? 40 years of the most Product Guide: Oracle ONE - Product Review authoritative source of news and View more whitepapers information for IT

leaders.

Enter E-mail Address

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articl... 12/02/2009 P2P networks rife with sensitive health care data, researcher warns Page 3 sur 3

Sponsored Links

Norwich University's Master of Information Assurance - Integrate your technical competencies with SonicWALL VS the status quo. No contest. business management skills.

Is your existing "spam filter" not cutting it? Give our FREE trial a try. Symantec is comprehensive endpoint protection. Get a free trial today:

HP StorageWorks products-control, consolidation and confidence. HP solutions help you thrive-not just survive

Curious about FCoE? Watch The Dr. Digital Show from Brocade. $2,500,000 + Dell, Citrix, Cisco IT Equip. Online Auction Feb Feb 15-18

See how Rackspace can optimize your IT dollars Get the Power of UNIX/Linux on Windows with MKS Toolkit

Real-time, reporting: Try Free 60 day trial now Breakthrough parallelism: Intel(R) Parallel Studio.

See the power of the new Quad-Core AMD Opteron(tm) processor. Spigit: Innovation Both Inside and Out

The ROI and TCO Benefits of Data Deduplication in the Enterprise File Integrity Monitoring: Prove compliance and secure your IT environments

See the power of the new Quad-Core AMD Opteron" processor. Save up to 66% plus FREE Dessert from Omaha Steaks.

Intercept Spam & Viruses With MessageLabs ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance Not All QSAs Are Created Equal: What You Should Know Before You Buy

Learn about the AMD Virtual Experience The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

Introducing: Project Icebreaker The AMD Virtual Experience Virtual Trade Show

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Network World PC World

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of Inc.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articl... 12/02/2009