TRENDING:

Glitch Exposes Medical Records Online

30,000 Patients Alerted to Search Engine Exposure Howard Anderson (ismg_editor) • February 17, 2012    
Glitch Exposes Medical Records Online

A California health system is notifying about 30,000 patients that their personal health information was accessible via search engines for about a year.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

St. Joseph Health System in Orange, Calif., says the records for patients treated at five of its hospitals were stored on the organization's internal computer network with incorrect security settings that allowed for the potential for inappropriate access. The information was available to search engines from early 2011 until this month, when the glitch was discovered.

Information that may have been accessed includes patient name, diagnoses list, medication allergies, body mass index, blood pressure, lab results, smoking status, and advance directive status. Also included was certain demographic information, including birth date, race and gender. The information did not include any financial information or Social Security numbers.

"The information was not readily identifiable on the Internet," according to a statement from the health system. "In most cases, a complex combination of terms or extensive search would have been required to access the records."

Since discovering the breach, "/files have been secured within the hospital's system and the hospitals' teams are working to eliminate residual or archived information from the Internet," according to the statement.

The health system is providing patients affected with free identity theft protection services.

Previous
Bank of America Clarifies Breach
Next
4 Crime Rings to Watch

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Securing the SaaS Layer
Securing the SaaS Layer
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.