Chiropractor Exposes 56 Patients' Data on Hot SpotFOR IMMEDIATE RELEASE: April 9, 2008
Media Contact: Aaron Titus
OXON HILL, Maryland. The Oxon Hill location of Prime Care has exposed private information about 56 patients to the public through an unsecured public wireless network, or "Hot Spot." Most of the individuals affected are patients of Dr. Steven Boesche, who occasionally works from the Oxon Hill location. The Hot Spot exposed 29 files with sensitive patient information, including patient account numbers, blood pressure, date of accident, diagnoses, examination results, patient history, pulse, prognosis, and treatments.
We notified Prime Care's office that they should cease broadcasting this information to the public, hire a professional to fix network vulnerabilities, and notify their patients that their information had been exposed to the public.
The following are a few key facts surrounding the breach:
- Prime Care's office provided an open, unencrypted wireless network, or "Hot Spot," to any member of the public within 150 feet of the office, including public areas such as the lobby, hallways, and one floor above and below. The wireless network did not require a password, and was not secure.
- Prime Care's office attached certain internal business computers to its public wireless network, which contained sensitive client information. Those computers were not password-protected.
- Prime Care's office further affirmatively placed private patient information in shared folders, which were open to the public simply by double-clicking. The shared folders were not password-protected, and the patient information was not encrypted. All of the sensitive patient information was available to any member of the public with a laptop who came within 150 feet of the office on the third, fourth and fifth floors.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.