COLUMBUS, Ohio, Ohio State University (OSU) Medical Center officials issued a statement Nov. 3 saying the hospital inadvertently posted the information of approximately 2,800 patients on the Internet.
The information included the patients’ names, phone numbers, dates of birth, Social Security numbers and reasons why they were making appointments. The error involved patients who made or changed appointments on April 19, 2004.
OSU Medical Center learned of the mistake three weeks ago from someone who had stumbled upon the information online. Officials immediately blocked access to the exposed server and had the information removed from public domain. University representatives do not know how long the data was posted.
To assure the exposed information is not inappropriately used, the hospital has arranged for the affected patients to receive 12 months of free credit protection. OSU has also initiated a review of its information security policies.
