A website created by the Philadelphia Department of Public Health to track hepatitis infections was compromised, exposing individual's health records, according to The Philadelphia Inquirer.
The Inquirer discovered Oct. 11 that the website left patient information available to view and download by unauthorized third parties. After the public health department was notified, the information was taken down within minutes.
"We deeply regret the inadvertent exposure of personal health information on our website," Thomas Farley, Philadelphia's health commissioner, told the Inquirer. "We will conduct a thorough investigation of this incident, attempt to determine if any confidential information was accessed by others, take appropriate corrective actions, and do everything we can to protect the privacy and security of personal information."
Much of the data stored on the website focused on patients with positive test results for hepatitis B and C. The data spanned from 2013 to 2018. In one case, 23,000 individual records of new cases of hepatitis C were accessible to view online.
It's unclear how many people were affected. The public health department did not confirm if was planning to notify all whose records were exposed. Officials were also unable to determine how many people accessed the data.
Patient data that was affected included names, addresses, Social Security numbers, health records, dates of birth, test results and health provider notes.
The Inquirer confirmed it did not download any patient information or store the information after discovering it was left vulnerable.