Iowa City-based University of Iowa Health Care notified patients June 22 after it discovered protected health information for roughly 5,300 had been available online for almost two years, the hospital confirmed to Becker's.
The hospital said a limited dataset was unintentionally saved in unencrypted files and posted online through an application development site May 2015. A security expert discovered the privacy issue April 29, 2017, and reported it to the hospital, according to The Gazette. The hospital deleted all files May 1, 2017, shortly after it learned about the incident.
Hospital officials said there is no indication any information — which included patient names, dates of admission and medical record numbers — was misused or "further disclosed."
"UI Health Care understands the serious nature of any potential breach — no matter how limited — so it has conducted a thorough investigation, identified and mitigated the risks, and strengthened its training and information oversight efforts to prevent a similar occurrence," hospital officials told Becker's in an emailed statement.
Click here to read UI Health Care's public notice.
More articles on health IT:
Microsoft, other tech companies use robotics to address Zika
athenahealth: 5 thoughts on proposed Quality Payment Program