A New York City hospital has apologized for a security lapse that allowed personal information belonging to as many as 6,800 former patients to be published on the Internet.
New York Presbyterian Hospital/Columbia University Medical Center says the information included names, clinical data and a few social security numbers.
The hospital said in a statement that the data had been inadvertently placed on a server, which was accessible online. The information has now been taken down. –Source
This is a pretty sad indiscretion although it is lacking some important details. I hate that it only says personal information for 6800 former patients. Ok, putting ANY health information on an insecure web server is just dumb, but not all health information is created equal. Plus, wouldn’t it be nice to know what happened to cause this issue so that others could learn from their mistakes?
Plus, was the health information placed on the web server in an accessible location or was it just on the web server? That would be very different things.
Still something’s wrong if they’re putting patient information on an unsecured server. Makes me wonder what the rest of the story really is though.