In The New York Times, Kevin Sack traces the series of errors and lapses in judgement that led to a large-scale data breach at Stanford Hospital, one which went unnoticed for almost a year. Sack’s lead paragraph neatly encapsulates the whole story.
Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test, the hospital and contractors confirmed this week. The applicant then sought help by unwittingly posting the confidential data on a tutoring Web site.
Since 2009, when federal law began requiring disclosure of medical data breaches involving more than 500 people, Sack reports that about 330 incidents have been reported on an HHS website. A CSV file of the data is available.
