[BreachExchange] UW Medicine faces class-action lawsuit following data breach that affected 974, 000 patients

Destry Winant destry at riskbasedsecurity.com
Tue Feb 25 10:20:49 EST 2020


https://www.beckershospitalreview.com/cybersecurity/uw-medicine-faces-class-action-lawsuit-following-data-breach-that-affected-974-000-patients.html

Several patients involved in a data breach at Seattle-based UW
Medicine have sued the academic medical center claiming their
protected health information was not properly safeguarded.

In February 2019, UW Medicine officials notified 974,000 patients of a
data error that allowed their information to be viewable in internet
searches. UW Medicine became aware of the incident Dec. 26, 2018, and
took immediate action to remove the patient files from the internet.
An internal human error made the patient files accessible. Google
saved some of the files before UW Medicine discovered the breach, so
the hospital worked with the tech giant to remove the saved versions.

The files that were searchable online contained names, medical record
numbers, who UW Medicine shared the information with, a description of
information shared and reason for disclosure. The files did not
contain medical records, patient financial information or Social
Security numbers.

In some cases, files also included the lab test names or the name of a
research study that also included the names of health conditions. UW
Medicine's database is used to keep track of the times the hospital
shares patient health information.

The class-action lawsuit alleges UW Medicine was negligent and did not
promptly inform patients of the security incident. Patients are
seeking full disclosure of the information that was compromised,
statutory damages and legal fees. Additionally, patients are calling
for UW Medicine to enhance its cybersecurity practices.


More information about the BreachExchange mailing list