PALO ALTO, Calif. — The medical records of 20,000 emergency room patients from Stanford University’s hospital were posted publicly on a commercial Web site for nearly a year after a data breach.
The names and diagnosis codes of 20,000 patients were in the possession of a vendor called Multi-Specialty Collection Services, and ended up on a Web site called “Student of Fortune,” The New York Times reports. The Web site allows students to solicit assistance with their school work for a fee.
The spreadsheet first appeared on the site as an attachment to a question about how to convert data into a bar graph.
The spreadsheet was initially sent to a job prospect as part of a skills test by Frank Corcino, a marketing agent for Multi-Specialty Collection Services, The New York Times reports. The applicant sought help on the test by posting the data on the Web site.
The data remained on the site until a patient discovered it on Aug. 22 and notified the hospital.
Related Articles: