A database with data on thousands of patients at Stanford University’s hospital in Palo Alto, Calif. was made available on a website.
How many victims? 20,000
What type of personal information? Names, diagnosis codes, account numbers, admission and discharge dates, and billing charges, (Did not include Social Security numbers, birth dates or credit card accounts).
What happened? A spreadsheet containing data for patients seen at Stanford Hospital’s emergency room during a six-month period in 2009 was posted to a website, called “Student of Fortune,” which assists students with their school assignments. The hospital said that in September 2010, one of its vendors, a billing contractor Multi-Specialty Collection Services, posted an attachment containing the database in response to a question about converting the patient data into a bar graph.
Details: Following disclosure of the breach, the hospital canceled its contract with the provider and received a signed promise that files would be destroyed or returned.
What was the response? The hospital has made free identity protection services available to affected patients.
Source: New York Times, Sept. 8, 2011