PALO ALTO (CBS/AP) — Stanford Hospital in California blames a subcontractor used by an outside vendor for a privacy breach that led to the posting online of medical information for thousands of emergency room patients.
The breach was first reported by the New York Times Friday. The newspaper says the data of 20,000 patients, including names and diagnosis codes, remained on a commercial website for nearly a year until it was discovered last month.
Stanford Hospital says in a statement that the file that contained the patient information and was posted to the site was created by a subcontractor employed by one of its vendors, Multi Specialties Collection Services.
The hospital did not name the subcontractor. But it says Multi Specialties Collection Services is investigating how the company caused patient information to be posted to the website.
(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)