Home page logo

dataloss logo Data Loss mailing list archives

Patient data available on Google, Yahoo due to security mishap
From: security curmudgeon <jericho () attrition org>
Date: Thu, 23 Feb 2012 17:52:48 -0600 (CST)


Patient data available on Google, Yahoo due to security mishap
Dan Kaplan
February 23, 2012

The health records of more than 30,000 patients at five California 
hospitals may have been publicly accessible via search engines due to 
improper server configurations.

How many patients? 31,800 people being treated from February to August 
2011 at St. Jute Medical Center, Mission Hospital, Queen of the Valley 
Medical Center, Santa Rosa Memorial Hospital and Petaluma Valley Hospital.

What type of personal information? Names, blood pressures, lab results, 
medication allergies and demographic data, as well as other medical 
details, such as body-mass index, and smoking and advance directive 

What happened? Incorrect security settings enabled the information to be 
available on search engines Google and Yahoo. However, to come across the 
information, one would have had to conduct a detailed search using a 
string of terms. The data was available from early 2011 through February.

Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue

  By Date           By Thread  

Current thread:
  • Patient data available on Google, Yahoo due to security mishap security curmudgeon (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]