June 18, 2012

Memorial Sloan-Kettering Cancer Center patient data compromised

For more than six years, the personal and medical data of hundreds of patients of Memorial Sloan-Kettering Cancer Center (MSKCC) in New York was posted on the internet.

How many victims? 880.

What type of personal information? Names, dates of birth, medical record numbers, dates of treatments, and in some cases Social Security numbers and clinical data.

What happened? A PowerPoint presentation prepared in 2005 for doctors and researchers at the facility accidentally contained embedded sensitive information.

Details: While the data embedded in the charts was not visible to those viewing the presentation, someone accessing the slides via the internet would be capable of manipulating the graphs to expose it. The information was available online from Oct. 16, 2005 to April 13. Sloan-Kettering has since removed the file, which was not encrypted or password protected, from its website and deleted all copies. There is no reason to believe any of the data was misused.

What was done: The facility mailed letters to affected patients, stating that the presentation is no longer in use by staffers and has been deleted from their files.

In a Friday statement, MSKCC said it had taken "significant measures" to bolster its information and data security systems. It also said it was taking steps to prevent future occurrences. 

Source: LongIslandPress.com, "Memorial Sloan-Kettering Patient Data Leak Undetected for 6 Years," June 14, 2012


Previous Post
Next Post
Related Articles
Related Topics
Related Links
close

Next Article in The Data Breach Blog

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.