Seattle-based UW Medicine sent letters to 974,000 patients notifying them of a Dec. 4, 2018, data error that allowed patient information to come up in internet searches.
UW Medicine became aware of the incident Dec. 26, 2018, and took immediate action to remove the patient files from the internet. An internal human error made the patient files accessible. Google saved some of the files before UW Medicine discovered the breach, so the hospital worked with the tech giant to remove the saved versions.
As of Jan. 10, all patient files were removed from Google's servers. There is no evidence the files have been misused.
The files that were searchable online contained names, medical record numbers, who UW Medicine shared the information with, a description of information shared and reason for disclosure. The files did not contain medical records, patient financial information or Social Security numbers.
In some cases, files also included the lab test names or the name of a research study that also included the names of health conditions. UW Medicine's database is used to keep track of the times the hospital shares patient health information.
Since the breach, UW Medicine is reviewing its internal protocols and procedures to prevent further data errors. UW Medicine has also set up a call center and website to field patient questions.