The information included names, diagnosis codes, admission and discharge dates, accounts numbers, and billing charges, but not social security numbers, of patients seen at the emergency room during a six-month period in 2009, according to a New York Times report.
The information was contained in a spreadsheet prepared by a billing contractor that was posted to a commercial website called Student of Fortune, which enables students to solicit paid assistance for their schoolwork. The spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph, according to the newspaper.
“It is clearly disturbing when this information gets public. It is our intent 100 percent of the time to keep this information confidential and private, and we work hard every day to ensure that”, hospital spokesman Gary Migdol told the newspaper. He said that the university would pay for identity protection services for affected patients.
Mike Paquette, chief strategy officer at network security firm Corero, commented that “it’s nearly a certainty that if your organization has any information that might be valuable to someone or some organization, then someone will try to steal it for their benefit, and usually at your loss. In this case, even if it turns out this breach was not part of an actual theft, it may still cost Stanford, since they’ve offered to pay for identity protection services for affected patients.”