What happened? Patient records were available by web search during a four-week period after Sky Lakes Medical Center (Oregon) shut down its online bill-payment system, and a third-party, Verus, Inc., transferred the data from one server to another to perform maintenance.

What types of personal information? The information included patient names, addresses and Social Security numbers.

What was the response? The hospital sent letters to 30,000 patients warning them of the problem.

The hospital terminated its contract with Verus and shut down the system.

The hospital also scanned records to see if they were accessed inappropriately. No evidence of unauthorized access was discovered.

Details: The records were discovered online when a patient at another hospital was able to access his records while searching the internet.

Quote: “The door was open, nobody came through it,” said Tom Hottman, Sky Lakes spokesman.

Source: Klamath Falls Herald and News, Aug. 15, “Online bill pay at Sky Lakes shut down