In “another day, another privacy breach” news it was revealed this week that the venerable New York-Presbyterian Hospital and Columbia University Medical Center “inadvertently” posted the personal medical data of thousands of its patients online in July of this year.
Information about around 6,800 patients was posted and much of it included names, addresses, clinical data and in ten cases social security numbers.
When the breach occurred it was caught by the eagle eye of patient’s relative who came across the data online, meaning it was picked up by search engines. No announcement about the error was made at the time the institution says because an internal investigation was being conducted.
Although a great deal of information was revealed, including patient temperatures, a spokeswoman for the hospital Myrna Manners told The Times that no diagnosis information of any kind had been disclosed (that’s OK Mrs Jones, they have your name address and phone number but no one knows you had a hip replacement)
According to Manners the data was accidentally placed on a server and has since been removed.
“We deeply regret that this has occurred and we understand the concern that patients and their families may feel upon learning that their information may have been exposed,” the hospital said. “We are in the process of informing all affected patients and have set up a hot line for patients to call if they have questions.”
Apparently no one knows exactly how the sensitive data ended up on the server. The hospital says there’s absolutely no evidence the information has been “improperly used,” but it has not disclosed whether it knows how many people might have seen the information.