Stanford Hospital Contractor Leaks 20, 000 Patient Records to Public Website

[InfoSec News <alerts () infosecnews org>]

http://www.eweek.com/c/a/Security/Stanford-Hospital-Contractor-Leaks-20000-Patient-Records-to-Public-Website-642765/

By Fahmida Y. Rashid
eWEEK.com
2011-09-08

A data privacy breach at Stanford University's hospital has resulted in 
medical records for 20,000 emergency room patients being posted on a 
public Website for nearly a year, according to The New York Times.

A patient notified the hospital of the breach Aug. 22, and the hospital 
has been investigating how a detailed spreadsheet containing sensitive 
patient information wound up being posted on a commercial site, The New 
York Times reported Sept. 8. The compromised information belonged to 
patients who went to Stanford Hospital's emergency room over a six-month 
period in 2009.

The records included names, diagnosis codes, account numbers, dates of 
admission and discharge, and billing charges. Social Security numbers, 
birth dates, credit card accounts or other information that could 
potentially result in identity theft was not exposed. Even so, the 
hospital is offering free identity-protection services to all affected 
patients.

“It is clearly disturbing when this information gets public,” Diane 
Meyer, Stanford Hospital's chief privacy officer, told the Times, 
adding, “It is our intent 100 percent of the time to keep this 
information confidential and private, and we work hard every day to 
ensure that."

[...]

_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/