Residents of Arkansas have some reason to cheer tonight.  Today both Tamara Hill and Ebony Flowers were arrested in connection to the theft of personal data from the Baptist Health Hopsital’s information system.  Hill is a former employee of the company who was released in early June as more details about security mistakes at her work terminal were reported.  Hill was found guilty of using 25 other people’s personal information to get gift cards at Walmart for use at other periods of time.  Flowers was caught doing the same thing, although she was only in possession of three people’s financial information.

It appears that Hill obtained the information while she was working at the Emergency Center in the Baptist Health Hospital.  She took screen shots images of the private data and then printed it out for later use.  No word has come from the hospital yet of security upgrades it will take to prevent similar malicious deeds from taking place in the future.  There is a rising push for background screening of individuals, although this is and of itself can have its own liabilities.

The hospital had over 970,000 visitors last year and there is no idea about the extent of the theft that took place.  There has also been no word on how Hill and Flowers are connected and if anyone else received copies of the screen shots with the personal data.  Authorities found out about the breach when a victim contacted police to say that they had not authorized the gift card charges at Walmart.  The extent of the breach is potentially so large that the U.S. Secret Service has entered the case in an effort to limit the number of affected people.

The hospital released a letter saying that some of the personal and financial information had been illegally accessed.  However, they assured their patients that none of the material that had been obtained involved their medical records or diagnosis.  This is important, because any such information would be in violation of HIPAA, the Health Insurance Portability and Accountability Act.  If this was the case, the hospital could face even greater threats of a lawsuit and sanctions by the U.S. government.  Yet, there is some confusion about what information was released.  According to Pam Dixon, executive director of the San Diego-based World Privacy Forum. she believes that all the information released in the breach falls under the protection of HIPAA and that the hospital will need to show considerable improvements before it can handle the admission of patients in the future.

In the letter sent out to patients, there is no indication of whether or not the hospital will provide credit monitoring or insurance services for its victims.  For those who don’t want to wait until it is too late, they are turning to ID theft subscription services, such as Lifelock.  Lifelock and other companies can help guard the credit reports of people by monitoring all three credit bureaus and verifying with the customer whether or not they are the person opening up a new credit card account or filing a new loan application.

Tags: Baptist Health, lifelock, WalMart

This entry was posted on Sunday, July 6th, 2008 at 5:37 pm and is filed under Corporate Breaches, Individuals. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.