In a mysterious breach of privacy, personal data of 20,000 emergency room patients from Stanford Hospital in Palo Alto, California, have been posted online, reports The New York Times. The leaked information includes names and diagnosis codes, among other details, the hospital has confirmed.
The breach was first discovered last month, but the hospital says the records have been online for almost a year — an unusually long time for such information to remain publicly available.
How the patient data became public remains much of a mystery. The data started out as a standard spreadsheet at Stanford Hospital. It then came into the hands of one of the hospital’s billing contractors, Multi-Specialty Collection Services. Then, somehow, it eventually ended up on the website Student of Fortune, which offers students help with their assignments, at a price.
The spreadsheet, which in addition to names and diagnosis codes also included account numbers, billing charges, and admission and discharge dates, first appeared on Student of Fortune exactly a year ago today, September 9, 2010.
The spreadsheet was removed from Student of Fortune, which is owned by Time Warner, on August 23, one day after Stanford Hospital was notified of its presence. The site’s operators said they had no knowledge of the spreadsheet, and took it offline “within 30 seconds” after learning that it was there.
“It is clearly disturbing when this information gets public,” said Gary Migdol, a spokesman for Stanford Hospital and Clinics. “It is our intent 100 percent of the time to keep this information confidential and private, and we work hard every day to ensure that.”
The inappropriate release of patient data is more common than you might think. According to the Department of Health and Human services, medial records for more than 11 million people have leaked in just the past two years.