Hospital hacked - records stolen?

Kevin Poulsen claims that private medical records were stolen from a major Seattle hospital. The hospital admits a break-in but disputes the theft.

A computer intruder broke into a Seattle-area hospital and downloaded thousands of private medical records earlier this year, according to security news Web site

The break-in of University of Washington Medical Centre computers occurred this summer, according to SecurityFocus. Among the records viewed: the name, address, and Social Security number of over 4,000 cardiology patients, along with each medical procedure the patient underwent. Hospital officials are disputing the story.

SecurityFocus editorial director Kevin Poulsen -- the author of Wednesday's story -- said the computer criminal shared a series of stolen hospital records with him over the past few days.

Along with the cardiology records, Poulsen said the intruder was also able to pilfer information on 700 physical rehabilitation patients. A third file displayed every admission, discharge, and transfer within the hospital during a five-month period.

Walter Neary, a spokesman for the hospital, said he wasn't sure Poulsen's story was accurate.

"The allegation we're hearing about is not consistent with any known hacker attack we're aware of," he said. "If he's seen any evidence of a very serious federal crime, that belongs in the hands of the FBI."

Neary added that the hospital is under computer attack constantly, and there was a break-in this summer, but hospital technicians believe "no patient records were involved".

Poulsen said the hacker, known as "Kane", tried to break into a string of hospitals this summer and also managed to crack a university medical centre in New York and another in Holland. But neither of those systems allowed access to personal records.

But at the University of Washington Medical Centre, the attacker managed to download a wide range of files containing personal health information, according to Poulsen. "Kane" only had access to administrative information, Poulsen said -- he did not have access to "clinical" records, which are used by doctors to make medical decisions.

Poulsen said his research for the story revealed that university hospitals -- which are often connected to notoriously open university computer systems -- are at greater risk of attack.
