Physician Operates On Server, Costs His Hospital $4.8 Million 143
Hugh Pickens DOT Com (2995471) writes "Jaikumar Vijayan reports at Computerworld that a physician at Columbia University Medical Center (CU) attempted to "deactivate" a personally owned computer from a hospital network segment that contained sensitive patient health information, creating an inadvertent data leak that is going to cost the hospital $4.8 million to settle with the U.S. Department of Health and Human Services (HHS). The error left patient status, vital signs, laboratory results, medication information, and other sensitive data on about 6,800 individuals accessible to all via the Web. The breach was discovered after the hospital received a complaint from an individual who discovered personal health information about his deceased partner on the Web. An investigation by the HHS Office for Civil Rights (OCR) found that neither Columbia University nor New York Presbyterian Hospital, who operated the network jointly, had implemented adequate security protections, or undertook a risk analysis or audit to identify the location of sensitive patient health information on the joint network. "For more than three years, we have been cooperating with HHS by voluntarily providing information about the incident in question," say the hospitals. "We also have continually strengthened our safeguards to enhance our information systems and processes, and will continue to do so under the terms of the agreement with HHS." HHS has also extracted settlements from several other healthcare entities over the past two years as it beefs up the effort to crack down on HIPAA violations. In April, it reached a $2 million settlement with with Concentra Health Services and QCA Health Plan. Both organizations reported losing laptops containing unencrypted patient data."
Re: wait a minute (Score:4, Informative)
You can't remove computer from the demand without the domain admin password. If they're handing out that password to end users, they've got a whole other series of problems.
Wrong, you just have to have local Admin rights.
The proper way to remove a computer from the domain is to log in as a user with local admin rights and then enter a domain account with the rights to Add/Remove Computers. This removed the computer from the domain and deletes the computer account from the domain.
However, you can also log in as a user with local admin rights and when prompted, after selecting Workgroup mode, enter a crap ID and password when prompted for domain credentials. The domain part will fail, but the computer will be switched to workgroup mode on reboot. The difference is that there is now an orphaned computer account still listed in the domain. But the client is now no longer on the domain as far as it is concerned.
The reason why this is allowed is simply because a mechanism is needed to switch a computer from domain mode to workgroup mode if, for some reason, the domain is unavailable.
Re:wait a minute (Score:4, Informative)
This [bizjournals.com] describes it in a little more detail.
My guess is that he turned off a webapp which then caused the HTTP server to provide open directory access. This doesn't explain why he was doing it though or indeed why he was able to.