Stanford Hospital investigating how patient data ended up on homework help website
Confidential medical data on 20,000 patients potentially compromised
Computerworld - Stanford University Hospital in Palo Alto, Calif., is investigating how a spreadsheet containing personal medical data on 20,000 patients, which was being handled by one of its billing contractors, ended up publicly available for nearly one year on a homework help site for students.
The spreadsheet first became available on the site last September as an attachment to a question supposedly posed by a student on Student of Fortune, a website that lets students solicit help with their homework for a fee. The question sought help on how the medical data in the attachment could be presented as a bar graph, The New York Times reported on Thursday.
A Stanford Hospital & Clinics representative told Computerworld in a statement that the hospital discovered the file on August 22, and took action to see it was removed within 24 hours.
"A full investigation was launched, and Stanford Hospital & Clinics has been working very aggressively with the vendor to determine how this occurred, in violation of strong contract commitments to safeguard the privacy and security of patient information," the statement said.
The statement identified the third party as Multi Specialties Collection Services, which it described as an "outside vendor's sub-contractor."
The company is conducting its own investigation into what happened. "The Hospital may take further action following completion of the investigation," the statement said. "This incident was not caused by the Hospital, and responsibility has been assumed," by the third-party contractor, it added.
The spreadsheet contained names, diagnosis codes, account numbers as well as admission and discharge dates for about 20,000 patients who visited the Emergency Room at the hospital in 2009. No Social Security numbers, addresses, birthdates, or credit card details were compromised in the breach. Even so, Stanford has agreed to pay for identity theft monitoring services for the victims.
The hospital learned about the spreadsheet this August when a patient noticed it on the Student of Fortune website and informed the hospital about it. The spreadsheet was taken down immediately once the site learned about it.
Stanford has since suspended its relationship with the billing contractor and has asked it to either destroy or securely return all Stanford patient-related data it currently has in its possession.
The spreadsheet had been prepared by the contractor as part of a billing analysis for the hospital.
Student of Fortune did not immediately respond to a request for comment on the incident. But a spokeswoman for Student of Fortune is quoted in the Times report as saying that the site had been unaware of the data until being informed about it by the hospital, at which time it promptly took the information down. The spokeswoman said the identity of the poster cannot be determined.