Hospital Settles Data Breach Lawsuit for $4m

Stanford University hospital breach exposed data of 20,000 patients.

Stanford Hospital and Clinics will pay more than $4.1 million to settle a class action lawsuit for allowing the information of about 20,000 patients to be posted online for nearly a year.

The breach occurred in 2010 and affected patients who visited the facility’s emergency department from March 1 – Aug. 31, 2009, reports the San Jose Mercury News.

The names and diagnosis codes of 20,000 patients were in the possession of a vendor called Multi-Specialty Collection Services, and ended up on a Web site called “Student of Fortune.” The Web site allows students to solicit assistance with their school work for a fee.

The spreadsheet first appeared on the site as an attachment to a question about how to convert data into a bar graph.

The spreadsheet was initially sent to a job prospect as part of a skills test by a marketing agent for Multi-Specialty Collection Services. The applicant sought help on the test by posting the data on the Web site.

The data remained on the site starting in September 2010 until a patient discovered it on Aug. 22 and notified the hospital. No credit card or Social Security information was posted.

California hospitals are legally barred from disclosing patient records without their written consent.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety HQ