The confidential medical records of 20,000 Stanford Hospital emergency room patients, including their names and diagnosis codes, were accidentally made available on a commercial website for nearly a year, the university hospital confirmed.
In addition to their names, the Palo Alto, Calif., hospital said that patients' account numbers, billing charges and admission and discharge dates were also exposed, the New York Times reported.
The breach occurred on Sept. 9, 2010, when a spreadsheet containing the medical records was found on a website called "Student of Fortune," which allows students to pay for help with their schoolwork. It wasn't until Aug. 22, 2011, that a patient discovered the breach and reported it to the hospital.
Four days later, Stanford Hospital disclosed the breach to affected patients, notified state and federal agencies and had "Student of Fortune" take down the offending spreadsheet, the Times said.
Thankfully, the exposed spreadsheet did not include patients' Social Security numbers or any financial information that could be maliciously used to compromise their identities.
Unfortunately, data breaches of this magnitude and personal nature are not as uncommon as one would hope. In just the past few months, Yale University, Purdue University, the University of Wisconsin, the Texas state comptroller's office and the Massachusetts Executive Office of Labor and Workforce Development (EOLWD) have all suffered similar fates, exposing — in the EOLWD's case — the personal information of as many as 210,000 people.