[jamra]

I would bet that they store SSN and MRN in the same table. Since the personally identifiable information (patient demographics) is the foreign key for the patient data, it seems likely that everything is compromised.

One way to have not allowed this is to force the database to restrict queries to use two pieces of information in the where clause. This means that they would have to search for name = "John Smith" and MRN = "xyz". This would prevent mass queries and database dumps.

[ceejayoz]

Having the ID - SSN or MRN - isn't the same as having the patient's full medical records. It'd be entirely possible for a system to have the IDs and not the data - a billing system, perhaps. It all depends on the nature of the compromise.

[jamra]

The argument I'm trying to make is that if someone compromises SSNs, which are used to authorize patients, it's very likely that they have also compromised MRN since MRN is what most healthcare applications use internally as the identifier for patient data.

In the case that they stored SSN and MRN together, which I believe is highly likely, the attackers also gained access to the MRN.

If the most highly protected data demographic data (the name and identifying information about the individual patient) is unencrypted and easily compromised, I believe that patient data was very likely compromised as well.

It is possible, however, that the attackers were only after information that could be used to commit identity theft so they may have ignored the health information, however, this does not mean that the health information was properly protected.