Healthcare News & Insights

How did hospital lose 20k patient records for a year?


One of the country’s leading hospitals is trying to explain how 20,000 patient records ended up on a homework-help site for nearly a year. The breach, discovered just last month, involved patients who visited Stanford Hospital’s Palo Alto, California emergency room during a six-month period in 2009. The records included patients’ names, diagnosis codes, billing charges and dates of their stays at the hospital.

The information was in a spreadsheet created by Multi-Specialty Collection Services, a vendor the hospital used for billing services. Somehow, the data made its way to a site called Student of Fortune, which lets students solicit paid help with their homework. An as-yet-unidentified person had posted the data in September 2010 along with a question about how to convert the data into another format.

The hospital was alerted to the breach by a patient who found the data online. Stanford contacted the site, who removed the data immediately, and alerted state and federal agencies to the breach as well as affected patients. According to the hospital, its internal investigation indicates no one employed by Stanford was responsible for the data leak.

The Dept. of Health and Human Services is expected to investigate further. The vendor involved hasn’t released a statement. Stanford has stopped using the vendor.

A hospital spokesperson noted that the breach didn’t include any information such as Social Security Numbers or credit card numbers that could be used for identity theft, but the hospital is providing free credit monitoring to patients who were affected.

But even with a minimal risk to patients’ credit scores, the breach is disturbing both for the length of time the records were available and the types of information they contain. One patient’s mother pointed out that her teenage son’s mental health diagnosis was released. She’s trying to hide from him that his records have been leaked. She fears that knowing that would embarrass him to the point of damaging the progress he’s made.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.


  1. […] According to the second annual study of data breaches among health care organizations by Ponemon Institute, the average annual cost of such leaks is $6.5 billion. […]