News of the theft of a computer containing the personal data of 38,000 cancer patients across five states highlights the evolution of identity theft. Medical data is now more prized than Social Security numbers, privacy advocates tell

While Social Security numbers are increasingly common, a medical record of cancer or AIDS patients is worth its weight in gold, Pam Dixon, executive director of the World Privacy Organization, told "Cancer patients are big money." The reason: fraudulent medical charges can easily hide among the many legitimate costs.

The stolen computer belonged to Cincinnati-based Electronic Registry Systems (ERS), a private company that maintains federally mandated cancer patient records. The computer contained the records from five hospitals, three of which are in Georgia, Tennessee and Pennsylvania. ERS refused to identify the other two.

Responding to the incident, Emory advised patients to place a fraud watch on their credit records, which is a common reaction to data breaches.

However, checking credit records won't alert patients to fraudulent medical charges. Affected patients need to check their medical files, Dixon said.

Despite assurances that the computer had two passwords and the data was encrypted and usable only with proprietary ERS software, Dixon said gaining access was a simple matter.

"We're beyond that level of innocence," she said, adding that files could be read and copied and leave no fingerprints.

ERS said the patient data was stored on the computer unencrypted to convert the information to its proprietary format. As a result of the theft, the company said it has made changes to improve security.

This article was first published on To read the full article, click here.