Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Confidential patient data sent to wrong company -- for 15 months

Doctors and clinics in the U.S. have been faxing information to an herbal remedy distributor
Jaikumar Vijayan   Today’s Top Stories    or  Other Security Stories  
 

Sign up to receive Security Resource Alerts

February 06, 2006 (Computerworld) -- A small Lockport, Manitoba-based distributor of herbal remedies has for the past 15 months been mistakenly receiving faxes containing confidential information belonging to hundreds of patients with Prudential Financial Inc.'s insurance group. The data exposed in the breach -- and faxed to the company by doctors and clinics across the U.S. -- included the patients' Social Security numbers, bank details and health care information.
So far, at least, efforts to deal with the issue appear to have failed, said Jody Baxmeyer, vice president of marketing at North Regent RX, the company that's been receiving the faxes.
The situation has been caused by North Regent's toll-free fax number, which is nearly identical to one used by Prudential to receive medical claims-related information from doctors, Baxmeyer said. In fact, the two numbers differ by only one digit, Baxmeyer said.
As a result, North Regent's Lockport office has mistakenly received thousands of documents sent to the wrong fax number that involve more than 1,000 claims. The documents contain detailed patient medical histories, Social Security numbers and bank information meant for Prudential's insurance division.
Baxmeyer said his company contacted Prudential about the problem in October 2004 -- when North Regent first began operations -- and then followed up again in April 2005 when it had not heard back from the company. "Prudential's point of view was that, 'We are not the ones faxing the information,' which is ridiculous," Baxmeyer said. "They are the ones that solicited the business from doctors and clinics, and they are the ones setting up the protocols for receiving the information."
In a statement today, Prudential officials disagreed, saying the company cannot be held responsible for third parties who are sending the information to the wrong fax number.
"Prudential Financial's fax number is accurately listed on all of our forms and communications," the company said in an e-mailed statement. "Effective immediately, North Regent RX will forward to Prudential Financial all faxes it has received, as well as any it may receive in the future."
Initially, North Regent contacted the doctors' offices, clinics and even patients directly when it received a fax meant for Prudential. But the company doesn't have the resources to continue doing that, Baxmeyer said. "What happened was it became a point of distraction for us. It would have taken an effort that we were not capable of."
According to Baxmeyer, North Regent in April offered to sell its toll-free number to Prudential for a fee that included the costs of acquiring and publicizing a new toll-free fax number for North Regent. Another option it suggested was for Prudential to give North Regent some sort of legal protection for receiving the unsolicited confidential information, he said.
Both requests were turned down by Prudential, which instead asked North Regent to simply forward all of the faxes it received back to Prudential via prepaid mail, Baxmeyer said. Prudential also informed North Regent that it had sent out a memo urging doctors offices and clinics to use extra caution when sending claims via fax.
John Pescatore, an analyst at Gartner Inc., said that Prudential cannot be held responsible for mistakes made by others. "In this case, the person who is sending out the information is the one that's responsible. Prudential did not give them the wrong number."
Faxes containing sensitive information often have disclaimers instructing recipients to either destroy the faxes or contact the sender in case they are sent to the wrong person. It is the responsibility of the recipient to destroy the faxes or follow any other instructions, Pescatore said.
Said Baxmeyer: "Our point of view is that it's ridiculous to be sharing information that is sensitive in nature, whether financial or medical, by the use of faxes," he said. "We want Prudential to realize that their technology is out of date, and they are not paying attention."


xml"Data Security Breaches" RSS feed




Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Analysis: Data breach notification law unlikely this year
Idaho utility hard drives -- and data -- turn up on eBay
Ohio University reports two separate security breaches
Aetna says laptop stolen with data on 38,000 members
Ohio recalls voter registration CDs; Social Security numbers included
FBI: No credit card data breach in N.H. state server case

Blogs

"It's IT Blogwatch: in which Grisoft, maker of the AVG anti-virus package, backs down in its attempt to DDoS the..." Read more...
Read more Security posts or See all Blogs

Google gives away home-cooked Web application security scanner
HP eyes move of support facilities out of Colorado Springs
Microsoft trumpets security additions in upcoming IE8
More top stories...
How much is too much? Upgrade your notebook without going over the line
French ruling on counterfeit goods could have far-reaching effects for eBay
Apple cuts price of high-end SSD MacBook Air by $500

This old laptop: Revitalizing an aging notebook on the cheap
All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how.
Bill Gates moves on
Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft.
Five things you should never tell your boss
There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss.
Hands-On: Firefox 3 fixes what's broke and keeps what's right
With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
Data Center Management Zone
Enterprise-Class Security Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
Business Intelligence and Analytics Zone


Ads by TechWords

See your link here
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Eliminate SPAM, Gain Productivity
Get this white paper now!
(Source: MessageLabs) Learn all about the dangers and the costs of spam in all its forms - from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses - and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Deploying Virtualized NetWare on Linux Whitepaper
Toward More Flexible, Next-Generation Collaboration Solutions
Driving Business Success Through Workgroup Choice and Flexibility
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.