More proof that patient data is falling victim to insider threats and hacks: A national hospital chain says a former employee recently convicted of identity theft had access to the personal information of some 37,000 of its patients nationwide, according to a published report.

And separately, security services provider SecureWorks yesterday reported an 85 percent increase in the number of attempted hacks on its health care clients: from an average of 11,146 attempts per client each day during the first half of 2007 to 20,630 per client through January of this year.

Tenet Healthcare Corp., meanwhile, sent out letters last week to potential victims who had been patients at its 54 hospitals nationwide. Ex-Tenet employee Terence Brooks, who had worked at the health care firm’s Frisco, Texas, billing center, was arrested last November for attempting to get a credit card using stolen information from his job. He reportedly stole the names, Social Security numbers, and other personal data of around 90 Tenet Healthcare patients. The billing center processes around 4 million accounts in all.

Brooks was sentenced to nine months in prison after pleading guilty last month to multiple counts of fraudulent use and possession of ID information. Now other Tenet patients whose data he may also have compromised are scrambling to check credit reports and fraud alerts.

"What's challenging in this situation is there was an employee intent on committing fraud," a Tenet spokesman said. "No company can prevent that, but we can have practices in place to immediately address it when it does occur, and that's what we did."

SecureWorks, meanwhile, says health care firms are seeing a spike in attacks due to the volume of personal data they store, as well as the increase in client-side attacks occurring overall.

— Kelly Jackson Higgins, Senior Editor, Dark Reading