WA hospital mistakenly posted nearly 1 million patients’ personal info online

Officials blame ‘internal human error’


SEATTLE (KCPQ/CNN) - Nearly one million patients of University of Washington Medicine should be expecting letters in the mail soon because a data breach exposed some of their personal information on the internet.

Officials said the data breach was first discovered when a patient Googled their own name. What they found online was their health information, which was supposed to be protected.

"This was not a cyber attack, but rather this was an internal human error," said Dr. Timothy Dellit, UW Medicine’s chief medical officer.

The records included patients' names, medical record numbers and other records UW Medicine was required to document and report to law enforcement or public health authorities.

While the files did not actually contain any medical records, financial information or Social Security numbers, other patient information was made public.

"One of the notifiable conditions is HIV. In that setting it would say that there was an HIV test done. It would not include the result," Dellit said.

The files were exposed online on Dec. 4, 2018.

According to officials, the patient discovered their own information online three weeks after that, on Dec. 26, and immediately notified UW Medicine.

“Once we identified it, however, we immediately fixed that, and so that information was no longer available from our website,” Dellit said.

While officials said they’re putting steps in place to stop this from happening again and are notifying about 970,000 patients across all 50 states about their exposed data, King County Council member Reagan Dunn wants to take things a step further.


He’s already working to create a commission to investigate and give recommendations on how to stop this type of data breach.

“In this era of big data, it’s critically important that people and groups that we trust to keep our data safe are in fact honoring that commitment,” Dunn said.

The university has also hired a vendor to manage a call center and website for patients affected by the breach.

Copyright 2019 KCPQ via CNN. All rights reserved.