Breach investigation at San Diego hospital reveals human error as cause


June 25, 2014

The personal information of patients admitted to Rady Children's Hospital (RCH) in San Diego has been breached, with over 20,000 individuals affected.

Two separate emails were sent out by an employee, one with the information of 14,121 individuals and the other with the details of 6,307. Data for the 14,121 included names, dates of birth, treatment information and insurance information.

For the 6,307, discharge dates, payor names and account information ,as well as balance details, were leaked.

The sheer amount of information exposed here represents a substantial risk for the affected individuals.

Incidents like this only serve to highlight the ongoing importance of frequent security audits. Often, audits can identify potential security flaws before they become an issue. In addition, staff dealing with sensitive information should be trained in bestpractices for data security.

According to a release posted on the RCH website, the security of information systems was not compromised in either breach case. Since discovering the source of the breach, RCH has taken steps to ensure the recipients have deleted the emails.

"We have employed an independent IT security firm to verify that the files have been deleted from the recipients' devices," the release stated.

Leave a Reply

Your email address will not be published. Required fields are marked *