Stanford Hospital privacy breach puts data online

(AP) -- Stanford Hospital in California is blaming a subcontractor used by an outside vendor for a privacy breach that led to the posting online of medical information for thousands of emergency room patients.

The breach was first reported Friday by the New York Times ( http://nyti.ms/p84zWa ). The data of 20,000 patients, including names and diagnosis codes, remained on a commercial website for nearly a year until it was discovered last month and taken down, according to the newspaper.

In a statement, Stanford Hospital said the file that contained the patient information and was posted to the site was created by a subcontractor employed by one of its vendors, Multi Specialties Collection Services.

The hospital did not name the subcontractor, but it said Multi Specialties Collection Services is investigating how the company caused to be posted to the website. Stanford said in the meantime, it has suspended working with Multi Specialties Collection Services.

"This incident was not caused by the hospital, and responsibility has been assumed by a contractor working with the vendor," the hospital said in its statement.

The information posted to the website also contained numbers, hospital , emergency room admission and discharge dates and billing charges, according to the hospital. It did not contain credit card or , information commonly associated with identity theft.

The affected patients were seen by the hospital's between March 1, 2009, and Aug. 31, 2009.

"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved in not associated with identity theft," the statement reads.

The website where the file was posted allows students to pay for help with their school work, according to the New York Times.

Gary Migdol, a spokesman for the hospital, told the newspaper that he expected the federal Department of Health and Human Services to conduct its own investigation. Susan McAndrew, a deputy director in the department's Office for Civil Rights, said she could not discuss whether an investigation was in progress.

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Citigroup says 360,000 affected by hackers

Jun 16, 2011

Hackers stole account information of more than 360,000 of Citigroup Inc.'s U.S. credit card customers in a recent data breach, the bank said Wednesday, almost double the number initially thought.

More Sony websites hacked, 8,500 Greek accounts hit

May 24, 2011

Sony on Tuesday said its websites in three countries had been hacked with 8,500 Greek user accounts compromised, in a blow to efforts to restore confidence after a huge data breach affecting millions.

Hackers breach UC Berkeley computer database

May 08, 2009

(AP) -- University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.

Recommended for you

New approach to particle therapy dosimetry

Dec 19, 2014

Researchers at the National Physical Laboratory (NPL), in collaboration with EMRP partners, are working towards a universal approach to particle beam therapy dosimetry.

Supplement maker admits lying about ingredients

Dec 17, 2014

Federal prosecutors say the owner and president of a dietary supplement company has admitted his role in the sale of diluted and adulterated dietary ingredients and supplements sold by his company.

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.