Personal records of 974,000 University of Washington Medicine patients exposed due to unprotected database

• The unsecured databased was available online for most of December 2018.
• The exposed files contained patients’ names, medical record numbers including their purpose of the visit.

A misconfigured database at the University of Washington (UW) Medicine has exposed almost personal records of almost one million patients. The database in question was found to be available online for most of December 2018.

What happened?

Upon investigation, the healthcare facility reported that a website sever was searchable on the internet from December 4-26. It contained data of 974,000 patients. The exposed files contained patients’ names, medical record numbers, including their purpose of the visit. In some cases, the files included the name of a lab test that was performed or the named of the research study that had the name of a health condition.

However, in its breach notification, the healthcare facility has confirmed that the files did not contain any medical records, patient financial information, and Social Security numbers.

What security measures were taken?

In wake of the attack, the UW Medicine was quick at taking actions to protect its patients’ data. It initiated appropriate measures to remove saved information from any third-party sites. In addition, the healthcare facility also removed the exposed information from its site.

UW Medicine has confirmed that there is no evidence of misuse of data.

“When we learned of the exposure of the files to the internet, we took immediate steps to remove the information from the site and initiated appropriate measures to remove saved information from any third-party sites. At this time, there is no evidence that there has been any misuse or attempted use of the information exposed in this incident,” the healthcare facility said in its notification.

As a part of the security measures, it has also informed affected patients and the Office for Civil Rights about the breach.