St. Vincent Hospital Systems in Indiana reports a data breach due to an email account being hacked, with 1800 records being compromised. Hospital systems have already become familiar with losing patient information, and St. Vincent is no exception. There were 12oo patients compromised in Sept. 2010 when a laptop was stolen, and there was a much larger breach in 2007, when a contracted company inadvertently made changes to an internet server while working on a medical billing system.
If you work with Information Technology, this last breach is probably of more relevance to you. The trend in the medical community is to maintain a pared-down IT staff and contract specific projects to third-parties. This serves two critical functions. The first has to do with budgets - if a project is contracted out, it will show up as a monthly expense, but if staff is maintained "in-house" their salaries become part of the annual budget (along with benefits.) The more important reason, though, is scapegoating. If your company drops the ball, the hospital can "end the vending relationship" and possibly insulate themselves from liability.
This is where things are going in the identity theft and data breach world. The problem isn't easy to fix, but the data must still be maintained. With the risks of medical identity theft, medical professionals are concerned (assuming they have paid attention to the issue, naturally.) But expect to see more blame laying in the coming years, since reporting will bring more issues to light.
Check out this great story on ID theft by Leslie Yeransian http://abcnews.go.com/Business/story?id=2020213&page=1