Posted 22 Sep 1999 00:00:00 UTC

Update 9/24/99
So far only one media news outlet has followed up on this story - ZDTV has managed to find out where the hospital is: Pontiac, Michigan. After broadcasting this as the lead item in their nightly newscast, ZDTV found that the dictating system was manufactured by Dictaphone and is apparently used at hospitals all over the place. (If you know of such a system at another hospital, please let us know so we can determine if private patient records are vulnerable in other locations.) As of now, the system in Pontiac is no longer reachable.

A simple scan of toll-free numbers has turned up a very disturbing item and one which we fear may be all too commonplace.

Somewhere in the United States an institution known as St. Joseph's Mercy Hospital has confidential patient records accessible on this number with NO PASSWORD or security of any significance. The system allows doctors to dictate all kinds of information about their patients, ranging from admitting/discharge data, cardiac records, mental health records, and an almost unending amount of personal information that SHOULD NOT BE PUBLICLY AVAILABLE! Yet it is, and with every passing day more patient records are being left out for anyone to examine.

This incredible security breach was reported on WBAI's Off The Hook on September 21, 1999. We're still trying to find out which hospital this system belongs to. Because of the sensitive and private nature of this system, we're not disclosing the toll-free number as that would inevitably lead to patient records being altered or erased since there are no passwords on the system. However, we are publishing audio files that show just how much private information is available to anyone with a touch tone phone. Out of respect for privacy, we are bleeping out names and personal info. We will continue to add files to this collection until the system is fixed.

Perhaps this action of ours will anger some people. We hope it does. And we also hope they direct their anger at the proper target - namely the people who design systems so wide open that anyone in the world could do what we did. Hackers don't create these problems - they discover them. Many times though, hackers get the full blame. But in a case like this, we believe that staying quiet would be almost as bad as betraying these patients' privacy by operating such a shoddy system.

As promised, the following RealAudio clip is of a call to this number. Certain touch tones and names have been beeped out to protect the innocent, others have been left in to damn the guilty. Long silences have also been edited out.

Call #1:
Download RealAudio clip
Stream RealAudio clip

