US United States Department of Veterans Affairs Jan 2013 Social Engineering (Q12793)
From Open Risk Data
A data breach risk event
Language | Label | Description | Also known as |
---|---|---|---|
English |
US United States Department of Veterans Affairs Jan 2013 Social Engineering
|
A data breach risk event
|
Statements
E118878C-ECD0-4AC7-A166-2B739F82B7E1
January 2013
0 references
A physician in a Minneapolis VA Healthcare System Clinic had seen a patient. During the visit it was determined that a form was required to be completed. The physician left the room to obtain or to fill out the form. The physician failed to logoff from his workstation which displayed a CPRS data from a patient that he had treated earlier. An X-ray for the earlier patient was also visible on a PACs workstation in the same room. When the physician returned to the room, the current patient made a declaration that she had taken a photograph of the x-ray and if the physician had not filled out the form for her, she would have reported the physician for a HIPAA violation. She then displayed her cell phone and deleted what she told the physician was a picture of the x-ray. (English)