Medical data of more than 6,000 patients breached

February 16, 2012 11:24:19 AM PST
St. Joseph Health System notified 6,237 patients of its Sonoma County hospitals by mail this week that their personal health information was mistakenly publicly accessible using outside search engines, hospital officials said.

The data was not financially sensitive -- no social security numbers, financial data or addresses were leaked -- and included patients' names, body mass indexes, blood pressure, lab results, smoking status and medication allergies.

Demographic information, including spoken language, ethnicity, race, gender and birth date, was also erroneously leaked when security settings were overlooked, allowing for the potential data disclosure.

According to hospital officials, the information was not readily identifiable, and, in most cases, a combination of search terms would have been required.

Most of the affected individuals received care as inpatients between February 2011 and August 2011, and the records, which were contained in files that were intended to be maintained securely for internal use, were available to search engines from early 2011 to this month.

Hospital officials said that once the breech was discovered the files were secured and that the hospitals were working to eliminate archived information still available on the Internet.

"Patients should know we will continue to work to ensure this situation does not occur again," St. Joseph Health System's chief medical officer and chief medical information officer Clyde Wesp said.

The health system operates both Santa Rosa Memorial Hospital, where 6,235 patients were affected, and Petaluma Valley Memorial Hospital, where two patients were notified, as well as three hospitals in Northern and Southern California where patient data was also breeched -- Queen of the Valley Medical Center in Napa, St. Jude Medical Center in Fullerton, and Mission Hospital in Mission Viejo and Laguna Beach.

Load Comments