Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
In December 2018, a misconfigured server led to a data breach at the University of Washington Medicine.
UW Medicine Server Error Exposed Data of 974,000 Patients
On Dec. 26, 2018, a patient of UW Medicine googled their own name and discovered a public file online containing their sensitive medical information. Concerned that the data was publicly available, the patient notified UW Medicine of the privacy violation. The medical center’s internal investigation determined that an employee error three weeks earlier left the data of nearly 1 million patients exposed. According to KIRO 7, a server had been misconfigured and the error had gone unnoticed until the patient discovered it.
UW Medicine officials claimed to have taken steps to remove the sensitive data from the internet. Since Google had already saved some of the files, UW Medicine worked with the search engine to expunge the saved data and prevent it from being accessed by the public. According to UW Medicine, all of the saved data was removed from Google by Jan. 10, 2019. However, the 974,000 patients whose data was accessible and exposed for most of the month prior may still be eligible to pursue compensation for this privacy violation. Patients whose data was affected by the UW Medicine breach may be notified by mail.
In addition to patient names, the data exposed in the breach included medical record numbers, lab tests, lab results, and information on research studies. No medical records, financial data, or Social Security numbers were exposed in the breach, according to UW Medicine.
A similar data breach at the facility in 2013 resulted in 90,000 patients’ Social Security numbers and medical data being compromised when an employee opened an attachment containing malware, or a virus. The malware infected the system used to store patient data. A lawsuit regarding the breach was settled for $750,000 in 2015.
Background on Medical Data Breaches
According to the tech security website SecurityBoulevard.com, healthcare data breaches in the U.S. cost about $4 billion in 2019. Approximately 93 percent of U.S. healthcare organizations have experienced a data breach in the past few years, putting millions of patients at risk of having their personal information exposed to third parties. Many of the health care organizations involved in data breaches have experienced multiple attacks due to employee errors, malware, unsecured networks and other causes.
Patients whose personal medical records and other sensitive information have been exposed by data breaches may be subject to invasions of privacy, identity or financial theft, and other negative consequences.
If your personal medical information was exposed by the UW Medicine data breach or another medical center data breach, you may be eligible to hire an experienced attorney and file a class action lawsuit. Victims of these breaches may be able to recover financial compensation for these invasions of privacy.
Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation
If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
6 thoughts onUW Medicine Data Breach Exposes Info of 974,000 Patients
Please add me
Please add me!
My info was part of the data breach, I got a letter in the mail. Please add me.
My info was part of the data breach, I got a letter in the mail. Please add me.
Pls add me
Please add me