Confidential medical records of some 20,000 patients at a top hospital were posted online where anyone could see them—for almost a year. Somehow, data for Stanford Hospital’s ER patients moved from the hands of a billing contractor onto a Web site devoted to schoolwork help. The information was posted on the site, called Student of Fortune, in September 2010, a hospital rep tells the New York Times; the spreadsheet was contained in an attachment to a query about graphing.
The data revealed patients’ names, diagnosis codes, billing charges, admission dates, and more—though it didn’t show Social Security or credit card numbers. A patient came upon the posted data just weeks ago and told the hospital; the Web site quickly took down the post. Such breaches are not isolated incidents: Medical data for some 11 million people has been revealed over the past two years across 44 states, government records show. Causes range from wrongly-addressed mail to files left on the subway. Click for more on recent medical data breaches. (More Stanford University stories.)