Updated 3:30 p.m. PT with idCure opinion.
Personal information of some 1,000 former patients of the Walter Reed Army Medical Center may have been leaked via a peer-to-peer network, hospital investigators say.
Hospital officials learned of the security breach last month and publicized it on the Walter Reed Web site early on Tuesday, however the message has since been removed, according to an article on the SearchSecurity.com site.
It's unclear what information was compromised, but the hospital specified certain types of data that were not included on the unsecured hospital computer.
"The information did not contain any protected health information such as medical records, diagnosis or prognosis for patients," Col. Patricia Horoho, commander of the Walter Reed Health Care System, reportedly wrote in the message.
"I need everyone to ensure that they are not loading or downloading programs that are not authorized by the command as it increases our vulnerability and possibly can cause a breach in protected information being shared," Horoho wrote.
All the technical controls in the world won't help if employees don't know what they can and can't do with regard to safe Internet activities at work, said Bryan Thornton, director of information security planning for idCure, a company that helps corporations and consumers prevent and counter identity theft.
"Walter Reed has a very robust information security program in place. They have done all kinds of things over the last decade specifically to address privacy concerns," Thornton says. "But what they've done here is show that everything they have done may as well be worthless simply because of the fact that they didn't make their employees a part of it."