Threatwatch

Thief cribs a patient’s ID off fine print on hospital worker’s Facebook photo

Accidentally leaked credentials; Insider attack; Stolen credentials; Unauthorized use of employer’s data

In June, the emergency room employee posted a picture of her office work station with a computer screen visible in the background that contained the patient’s name and other details.

The photo was taken down within half an hour and the patient was notified, according to the University of Arizona Medical Center-South Campus.

Then things got creepy.

Four months later, the Department of Economic Security called the patient to say someone had used her personal information to try to qualify for food stamps.

The patient also has received calls on her home and cell phones with no audible voice. The caller’s identity is listed as “Unavailable.”

“It’s been a nightmare,” the woman told the Green Valley News. “I get these phone calls. I’m afraid to be home; it’s just really, really bad . . . My life is at stake, my information.”

The newspaper did not name the patient due to the nature of the case.

“It’s not that I want a zillion dollars. I want everybody to know about this,” she said. “I don’t want anyone else to go through this kind of hell. This lady sent Facebook my information, Social Security number and address when she took a picture of something else and my information was on the computer screen right next to it.”

According to the medical center, the woman's Social Security number was never posted.

It was a hospital manager who noticed an employee had inadvertently revealed patient health information in the photo she had taken of the work station.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Healthcare and Public Health

reported

October 22, 2013

reported by

Green Valley News

number affected

Unknown

location of breach

Arizona, United States

perpetrators

Employee

location of perpetrators

Arizona, United States

date breach occurred

June 09, 2013

date breach detected

June 09, 2013