Iowa hospital unknowingly posts 5,300 patients' data online for nearly 2 years
- Through an unexplained fluke, the University of Iowa Hospital and Clinics posted online the names, admission dates and medical record numbers of about 5,300 patients.
- In a news release Tuesday, University of Iowa Health Care said “a limited set of data … was inadvertently saved in unencrypted files that were posted online through an application development site.” The files did not include clinical information.
- The breach, which occurred in May 2015, was discovered on April 29. UI Healthcare notified affected patients on June 22. There are no signs that the information was misused, according to the organization.
UI Health Care said it conducted an internal investigation to identify and reduce risks and has beefed up training and data oversight to prevent future breaches.
This isn't the first type of data exposure noticed this year. In April, ZDNet and DataBreaches.net reported a software developer accidentally posted a patient database online, exposing the health and personal information of nearly 1 million seniors. The breach occurred three years ago while the developer was creating a new customer database for healthcare telemarketer HealthNow Networks. HealthNow, which went out of business, provided medical supplies to diabetic patients.
Patient data has seen its share of the limelight this year in the wake of ongoing ransomware attacks and a global "wiper" cyberattack referred to as NotPetya, ExPetr or Nyetya which have affected some providers or healthcare companies. About 80% of U.S. healthcare organizations plan to increase data security spending this year and 39% say security breaches are a main motivator.
A report by Ponemon Institute found 89% of healthcare organizations studied experienced a data breach involving lost or stolen patient data during the past two years. The report estimates that data breaches are costing the healthcare industry $6.2 billion.
“Your weakest link is always your people,” Aaron Miri, CIO and vice president of government relations at IT security firm Imprivata, told Healthcare Dive last year. “Unless you’re continually improving that and helping to shape and guide them, that is always going to be an issue.”
- The Washington Post Iowa hospital unwittingly posts 5,300 patients’ data online
- KWWI.com University of Iowa investigates potential data breach