There was a breach of patient information at the Walter Reed Army Medical Center recently.

Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, sparking identity theft concerns and an investigation by the Army. Names, Social Security numbers, birth dates and other information was released, hospital officials said Monday.

Although this wasn’t the typical “lost laptop” event, it still has a lot to do with user responsibility. According to a message on their website by Col. Patricia Horoho, the problem could have been caused by an unauthorized program being run on a computer that had access to such sensitive data.

“I need everyone to ensure that they are not loading or downloading programs that are not authorized by the command as it increases our vulnerability and possibly can cause a breach in protected information being shared,” Horoho said.

It is increasingly important for people who have access to sensitive information to follow the guidelines and policies meant to protect that information. If someone downloads and executes a random program, despite a policy prohibiting such action, data integrity could be forfeited rather easily.

But for people to realize the risk of discarding policies, it may be necessary for them to be informed as to reason the policies exist in the first place. I can’t shake the feeling that, for the average user, some computer security policies are just mysterious rules that are sometimes enforced and that can often be ignored.

This entry was posted on Monday, June 9th, 2008 at 7:44 pm by Nick Staples and is filed under data protection. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.