Share |
nav products support compliance resources about contact nav
 

News & Blog

Tuesday, May 15, 2012

NETLIB FOCUSES ON THE GOVERNMENT SECTOR
NetLib.com

 
Monday, March 19, 2012

NetLib Attending Channel Link in Las Vegas
NetLib.com

 
Wednesday, February 01, 2012

NetLib Unveils Global Partner Program With Leaders in Information Security
PRNewswire

 
Archives...
 

NetLib Blog

For Press / Analyst Inquiries Contact Us

Posted by: NetLib on Thursday, September 08, 2011
Originally published at: The New York Times
Copyright: 2011 The New York Times

Patient Data Posted Online in Major Breach of Privacy

A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.

Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.

Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.

Although medical security breaches are not uncommon, the Stanford breach was notable for the length of time that the data remained publicly available without detection.

Even as government regulators strengthen oversight by requiring public reporting of breaches and imposing heavy fines, experts on medical security said the Stanford breach spotlighted the persistent vulnerability posed by legions of outside contractors that gain access to private data.

The spreadsheet included names, diagnosis codes, account numbers, admission and discharge dates, and billing charges for patients seen at Stanford Hospital’s emergency room during a six-month period in 2009, Mr. Migdol said. It did not include Social Security numbers, birth dates, credit-card numbers or other information used to perpetrate identity theft, he said, but the hospital is offering free identity protection services to affected patients.

The breach was discovered by a patient and reported to the hospital on Aug. 22, according to a letter written four days later to affected patients by Diane Meyer, Stanford Hospital’s chief privacy officer. The hospital took “aggressive steps,” and the Web site removed the post the next day, Ms. Meyer wrote. It also notified state and federal agencies, Mr. Migdol said.

... read the full story at the link above ...

 
NetLib is a subsidiary of Communication Horizons © 2011 Communication Horizons LLC.