Disgruntled radiologist hacks into hospital files

It’s not uncommon to hear about a hospital’s records system being breached via a missing laptop, or a con artist looking for info for identity theft. But a recent case highlights another danger zone: disgruntled former employees.

A fired radiologist spent a month after losing his hospital privileges logging into the PACS (picture archiving and communication system) at Griffin Hospital in Derby, Connecticut.

The fired doc, who wasn’t named by the hospital, used the log-ins of other employees to access records of 957 patients — and downloaded images from more than 300 of them. The files contained patient identifiers, but no financial info or Social Security numbers. (The other employees had not given the radiologist their passwords, and were unaware of how they were being used.)

The breach was discovered after patients reported receiving unsolicited calls from the doctor encouraging them to receive treatment at another hospital.

The incident was announced by Griffin Hospital. The state attorney general is investigating.

  1. This is Information Security 101. The Radiologist should not have had PACS or Network Access once terminated, especially if it is involuntary. Unless the Radiologist was an expert hacker, if (s)he could guess the Passwords of fellow employees, Griffin Hospital must NOT have had either password complexity or account lockout after 3 or 5 failed logins. Both are basic security requirements (well below Best Practices).

    A career IT Auditor,
    Roger T.
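The two controls the comment above calls out, disabling access at termination and locking an account after a handful of failed logins, are easy to express as checks over an authentication log. The following is an added example, not code from the article, the hospital, or the commenter; it assumes a hypothetical `key=value` log format, a constructed set of log lines, and a constructed HR feed of termination times (the user names and dates are made up).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of PACS authentication events (hypothetical format and data).
SAMPLE_LOG = """
2010-01-05T08:02:11 user=jsmith result=fail src=ws-17
2010-01-05T08:02:19 user=jsmith result=fail src=ws-17
2010-01-05T08:02:27 user=jsmith result=fail src=ws-17
2010-01-05T08:02:40 user=jsmith result=fail src=ws-17
2010-01-05T08:02:55 user=jsmith result=fail src=ws-17
2010-01-05T08:03:10 user=jsmith result=ok src=ws-17
2010-01-05T09:15:00 user=mlee result=fail src=ws-03
2010-01-05T11:40:00 user=mlee result=ok src=ws-03
2010-01-06T22:10:00 user=dr_former result=ok src=vpn-2
"""

# Constructed HR feed: user -> moment their access should have been revoked.
TERMINATED = {"dr_former": datetime(2010, 1, 4, 17, 0)}

LINE_RE = re.compile(r"^(\S+) user=(\S+) result=(ok|fail) src=(\S+)$")


def parse_events(lines):
    """Turn raw log lines into (timestamp, user, result, src) tuples, sorted by time."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than aborting the run
        ts, user, result, src = m.groups()
        events.append((datetime.fromisoformat(ts), user, result, src))
    events.sort(key=lambda e: e[0])
    return events


def evaluate_lockout(events, threshold=5, window=timedelta(minutes=15)):
    """Replay the log under a lockout policy.

    An account is locked once it accumulates `threshold` failures inside `window`.
    Returns (locked_at, blocked): when each account locked, and the successful
    logins that the policy would have rejected. No admin unlock is modelled,
    so a locked account stays locked for the rest of the replay.
    """
    recent = defaultdict(deque)   # user -> timestamps of failures still inside window
    locked_at = {}
    blocked = []
    for ts, user, result, src in events:
        if user in locked_at:
            if result == "ok":
                blocked.append((ts, user, src))
            continue
        q = recent[user]
        if result == "fail":
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()          # drop failures that have aged out of the window
            if len(q) >= threshold:
                locked_at[user] = ts
        else:
            q.clear()                # a successful login resets the failure counter
    return locked_at, blocked


def post_termination_logins(events, terminated):
    """Successful logins by accounts that should already have been disabled."""
    return [(ts, user, src) for ts, user, result, src in events
            if result == "ok" and user in terminated and ts > terminated[user]]


def run_report(log_text=SAMPLE_LOG, terminated=TERMINATED):
    """Run both checks and return findings as plain strings for a ticket or report."""
    events = parse_events(log_text.splitlines())
    locked_at, blocked = evaluate_lockout(events)
    findings = []
    for user, ts in locked_at.items():
        findings.append(f"LOCKOUT {user} at {ts.isoformat()}")
    for ts, user, src in blocked:
        findings.append(f"LOGIN-WHILE-LOCKED {user} from {src} at {ts.isoformat()}")
    for ts, user, src in post_termination_logins(events, terminated):
        findings.append(f"POST-TERMINATION-LOGIN {user} from {src} at {ts.isoformat()}")
    return findings


if __name__ == "__main__":
    for line in run_report():
        print(line)
```

Run against the constructed sample, the replay locks `jsmith` on the fifth failure, flags the login that followed it, and flags the `dr_former` login that happened two days after the account should have been revoked. The same two functions can be pointed at a real export once the regex is adjusted to the actual log format.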