Breach, Data Security

Hospital posts personal patient information on public website

The personal information of patients Sonoma Valley Hospital in California was exposed online after a hospital employee accidentally uploaded the data to the hospital's public website.

How many victims? 1,350.

What type of personal information? Names, dates of service, procedures, surgeon's names, hospital charges, and patients' insurance company names.

What happened? A hospital worker accidentally uploaded the patient data onto the hospital's public website as part of a routine update, according to a news release. The data was not directly accessible through the website, but did show up in search engine queries.

What was the response? According to the release, after discovering the breach, the hospital removed the data, and affected patients were notified.

Details: The information was posted to the website on Feb. 14, and the hospital became aware of the breach on April 17.

Victims were patients who were in the hospital for surgery from July 1, 2011 to June 30, 2012. No other personal information was exposed.

Quote: “We have apologized to the patients involved for our error and assured them that we have taken action to understand the cause of the breach and strengthen policies and controls protecting patient information,” said Richard Reid, chief financial officer and compliance officer at Sonoma Valley Hospital.

Source:, Sonoma Valley Sun, Hospital discloses privacy breach,” May 24, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.