Glitch Exposes Medical Records Online

30,000 Patients Alerted to Search Engine Exposure
Glitch Exposes Medical Records Online

A California health system is notifying about 30,000 patients that their personal health information was accessible via search engines for about a year.

See Also: How Tri-Counties Regional Center Secures Sensitive Files and Maintains HIPAA Compliance

St. Joseph Health System in Orange, Calif., says the records for patients treated at five of its hospitals were stored on the organization's internal computer network with incorrect security settings that allowed for the potential for inappropriate access. The information was available to search engines from early 2011 until this month, when the glitch was discovered.

Information that may have been accessed includes patient name, diagnoses list, medication allergies, body mass index, blood pressure, lab results, smoking status, and advance directive status. Also included was certain demographic information, including birth date, race and gender. The information did not include any financial information or Social Security numbers.

"The information was not readily identifiable on the Internet," according to a statement from the health system. "In most cases, a complex combination of terms or extensive search would have been required to access the records."

Since discovering the breach, "/files have been secured within the hospital's system and the hospitals' teams are working to eliminate residual or archived information from the Internet," according to the statement.

The health system is providing patients affected with free identity theft protection services.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.