Thousands of University of Iowa Health Care (UIHC) patients had some of their private information inadvertently posted for more than two years on a web application development site.

How many victims? At least 5,300

What type of information? Patient names, dates of admission and medical record numbers.

What happened? In May 2015 the unencrypted patient information was saved by a UIHC employee to a public file-sharing site that was part of an open-source web application creation program being used by the organization. The files were left on the site unprotected after the project was completed.

What was the response? The files were spotted on April 29 by a cybersecurity professional and reported to UIHC’s privacy officer. The files were removed from the file-sharing site by May 1. On June 22 UIHC began sending letters informing those affected of what happened.  UIHC does not believe the information has been used for malicious purposes, but is recommending those affected keep an eye on their financial and health care records for suspicious activity.

Quote: “We understand the serious nature of any potential breach — no matter how limited,” according to the letters sent to affected patients. “To make sure that something like this doesn’t happen again, we conducted a full investigation and strengthened our training and oversight efforts to prevent a similar occurrence.”

Source: The Cedar Rapids Gazette