Cancer Patients' Information Exposed in Hospital Data Breach

/ Source: SecurityNewsDaily

Having cancer is a horrible, terrifying thing. Finding out that your hospital accidentally released your personal information and allowed it to be posted on the Internet only adds insult to injury.

That's what an undetermined number of former and current patients at Memorial Sloan-Kettering Cancer Center in New York are going through as the world-renowned hospital informs them that their vital data was accidentally embedded in a 2005 PowerPoint presentation, which was subsequently posted on the Web by a medical organization.

"I feel violated," one woman who was contacted by the hospital told the Long Island Press of New York. "You get sick. You give them your information. You trust them. And then they leak your information."

The personally identifiable information, which included names, birthdates, medical records and, in some cases, Social Security numbers, was embedded in the PowerPoint file, but not immediately visible. However, manipulating the file would have easily revealed the data, according to the Long Island Press.

The PowerPoint file stayed on the website of the medical organization, which Memorial Sloan-Kettering would not identify, until April 2012, when the hospital discovered the error and had the organization take the presentation down.

Anyone who receives a letter from Memorial Sloan-Kettering informing them that their personally identifiable information has been exposed should contact the three credit-reporting agencies — Equifax, Experian and TransUnion — and ask to be placed on a credit alert.

That way, any attempts to open a line of credit in the affected person's name will be flagged, and the affected person alerted.