UofL Web Site Exposes Patients’ Personal Info

In what’s become a weekly occurrence, another hospital has accidently divulged hundreds of patients’ most sensitive personal information by accident.

As eSecurity Planet reports, this latest data breach at a major medical center really amounts to just a shortage of commonsense.

A physician set up what he thought was an internal Web site to help care for more than 700 patients receiving dialysis treatments for a variety of kidney ailments. Turns out the site was never secured, as the physician had thought, and the hospital only found about the serious security vulnerability after good Samaritan e-mailed on the outside send a cautionary e-mail.

Data exposed included names, Social Security numbers and, in some cases, some medical history information. Thus far, hospital official say, none of the affected patients appear to have had their identities stolen.

A physician at the University of Louisville Hospital inadvertently put the names, Social Security numbers and some medical information of 708 patients receiving kidney dialysis treatment at risk for 19 months after he set up a database on an unsecured Web page.

University of Louisville spokesman Mark Hebert told InternetNews.com the data breach was just another classic example of how a well-meaning medical professional can innocently expose patient data in the normal course of providing care.

“It was an internal Web page that couldn’t be accessed from another public page or through surfing the Internet,” Hebert said. “He thought he was the only one who could access the page. He was wrong.”

Read the full story at eSecurity Planet:

University of Louisville Patients’ Data Exposed

News Around the Web