'Data error' exposes 974,000 patient records at UW Medicine

Mackenzie Garrity - Print  | 

Seattle-based UW Medicine sent letters to 974,000 patients notifying them of a Dec. 4, 2018, data error that allowed patient information to come up in internet searches.

UW Medicine became aware of the incident Dec. 26, 2018, and took immediate action to remove the patient files from the internet. An internal human error made the patient files accessible. Google saved some of the files before UW Medicine discovered the breach, so the hospital worked with the tech giant to remove the saved versions.

As of Jan. 10, all patient files were removed from Google's servers. There is no evidence the files have been misused.

The files that were searchable online contained names, medical record numbers, who UW Medicine shared the information with, a description of information shared and reason for disclosure. The files did not contain medical records, patient financial information or Social Security numbers.

In some cases, files also included the lab test names or the name of a research study that also included the names of health conditions. UW Medicine's database is used to keep track of the times the hospital shares patient health information.

Since the breach, UW Medicine is reviewing its internal protocols and procedures to prevent further data errors. UW Medicine has also set up a call center and website to field patient questions.

More articles on cybersecurity:
Cloud security provider extends services to Google Cloud customers
Patient medical records sell for $1K on dark web
Phishing attack exposes 30,000 patients at Mississippi hospital

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.