The data breach at SEATTLE’s UW Medicine exposed around 974,000 patient records. The files that web public did not contain anything too revealing, no medical or financial information or Social Security Numbers were available to be read. The content that was exposed were names, medical record numbers and descriptions.
How did this happen? A public facing server that hosts their websites had a vulnerability that caused the internal files to have the ability to be searched on the internet. Good news is, corrective actions have been made and files are no longer available.
“UW Medicine became aware of a vulnerability on a website server that made protected internal files available and visible by search on the internet on Dec. 4, 2018,” spokeswoman Susan Gregg said in a statement. “The files contained protected health information (PHI) about reporting that UW Medicine is legally required to track, such as reporting to various regulatory bodies in compliance with Washington state reporting requirements.”
The UW Medicine hired a vendor to maintain the website: “This website is being maintained by ID Experts on behalf of UW Medicine for the purpose of providing valuable information about a data exposure that occurred in December 2018 as the result of human error.”
“This is a breach of data, but it’s also a massive breach of the public’s trust,” Dunn added in a statement. ”That’s why I am immediately introducing legislation requesting the County Executive to form a commission to investigate what went wrong, why it happened, and how to ensure this never happens again. The public deserves so much better.”