Breach, Data Security

Patient data available on Google, Yahoo due to security mishap

The health records of more than 30,000 patients at five California hospitals may have been publicly accessible via search engines due to improper server configurations.

How many patients? 31,800 people being treated from February to August 2011 at St. Jute Medical Center, Mission Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital and Petaluma Valley Hospital.

What type of personal information? Names, blood pressures, lab results, medication allergies and demographic data, as well as other medical details, such as body-mass index, and smoking and advance directive status.

What happened? Incorrect security settings enabled the information to be available on search engines Google and Yahoo. However, to come across the information, one would have had to conduct a detailed search using a string of terms. The data was available from early 2011 through February.

Details: The hospitals were notified about the breach from the lawyer of a patient, who somehow found the data online. Hospital officials contacted the search engine providers to ensure the information was expunged. There is no reason to believe any of the data was misused.

What was the response? Patients were notified by mail.

Quote: "I think that the most important thing is our response was rapid," said Clyde Wesp, chief medical information officer for the St. Joseph Health System.

Source:, The Orange County Register, "Up to 21,300 patients' records put at risk, St. Joseph says," Feb. 16, 2012.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.