Several patients involved in a data breach at Seattle-based UW Medicine have sued the academic medical center claiming their protected health information was not properly safeguarded.
In February 2019, UW Medicine officials notified 974,000 patients of a data error that allowed their information to be viewable in internet searches. UW Medicine became aware of the incident Dec. 26, 2018, and took immediate action to remove the patient files from the internet. An internal human error made the patient files accessible. Google saved some of the files before UW Medicine discovered the breach, so the hospital worked with the tech giant to remove the saved versions.
The files that were searchable online contained names, medical record numbers, who UW Medicine shared the information with, a description of information shared and reason for disclosure. The files did not contain medical records, patient financial information or Social Security numbers.
In some cases, files also included the lab test names or the name of a research study that also included the names of health conditions. UW Medicine's database is used to keep track of the times the hospital shares patient health information.
The class-action lawsuit alleges UW Medicine was negligent and did not promptly inform patients of the security incident. Patients are seeking full disclosure of the information that was compromised, statutory damages and legal fees. Additionally, patients are calling for UW Medicine to enhance its cybersecurity practices.
To access the complete lawsuit, click here.