Possible Insider Leak: 10,000 Patient Records
Over 30 reports of data theft filed since January 2009 have lead investigators to a potential leak at Johns Hopkins Hospital. One of their employees is believed to have used her credentials to access and then leak data on more than 10,000 patients while working at the hospital. Law enforcement agencies also suspect that the thefts might be related to a fraudulent driver’s license scheme discovered in Virginia.
According to Dark Reading, Johns Hopkins representatives stressed the fact that the data leak was not a hacking incident, but that the suspected employee had access to the breached records as part of her job. They also stated the records contain no medical data, but do contain other sensitive details, such as Social Security numbers and addresses. As the Dark Reading article further explained, the hospital took comprehensive measures to balance the loss of data:
Johns Hopkins is offering credit monitoring and fraud resolution services, as well as $30,000 in identity theft reimbursements, to the 31 victims, as well as to any of the 526 Virginia residents in the database who report fraud. It also is notifying the other 10,000 patients whose records were in the database.
