Georgetown University Hospital, Washington, shut down an electronic-prescribing pilot project after learning of a data security breach involving information on between 5,600 to 23,000 patients, including names, birthdates and Social Security numbers. Georgetown spokeswoman Marianne Worley said the data did not include healthcare-specific information and, according to an internal investigation, none of the data were lost or misused. The pilot, a partnership with InstantDx of Gathersburg, Md., involved only one department, Worley said. The hospital has removed all data from InstantDx's server pending completion of Georgetown's internal investigation.
According to Wired News, an Indiana-based IT consultant discovered a user name, password and Internet address providing access to InstantDx's server embedded in a Medisoft practice-management system the consultant was trying to install. The consultant was able to access the database and download the Georgetown data. He then reported the vulnerability to InstantDx. Medisoft is owned by Per Se Technologies, Alpharetta, Ga., and uses InstantDx technology for its e-prescribing component. The consultant and officials at InstantDx and Per Se Technologies were unavailable for comment at deadline. -- by Joseph Conn