Stanford takes another security hit: second breach in one year

Less than a year after it was discovered that almost 20,000 patient names and diagnoses were published on a public website where they remained for a full year, Stanford Hospitals & Clinics and the School of Medicine has suffered another data breach. A password-protected computer was stolen from a physician's locked office.

The breach occurred on July 15 or 16, and the organization is in the process of notifying 2,500 affected patients, according to a statement. Compromised information included names, location of service and medical records; some treatment histories and dates of birth or ages; and a “small” amount of Social Security numbers. The university is offering paid identity protection services and said it has tightened security.

The stolen computer has tracking software that enables the university to know if it has been connected to the internet and its location, but the computer has not yet been detected. Police are investigating.

The Department for Health and Human Services' Office for Civil Rights will post the breach on its website of major breaches affecting 500 or more individuals, where it will join the breach listing from October of last year. That breach led to the filing of a class action lawsuit.