California hospital patients' PHI accidentally posted online for more than 1 year

Hannah Mitchell -

Modesto, Calif.-based Doctors Medical Center began notifying patients that a former vendor made patients' protected health information publicly accessible online since 2019.

The hospital learned of the data breach on April 2 after its virtual waiting room vendor, Medifies, had a misconfigured software update that made patients' PHI public, an April 23 notification letter said.

Upon discovering the breach, the hospital contacted Medifies to remove the information that same day and launched an investigation. Medifies retained a third-party forensic firm to investigate the breach. The investigation determined the software update that made patients' information public occurred in December 2019 — almost a year and a half before the breach was discovered.

PHI that was published online includes patients' names, addresses, procedure information and more. Social Security numbers and bank account information was not included.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.