Misconfigured Database Leaves Data for 974,000 UW Medicine Patients Exposed

A patient searching for her own name online discovered a data breach at academic medical center UW Medicine in Seattle that affected around 974,000 patients. UW Medicine is blaming a “misconfigured database” for the incident, which left internal files unprotected and visible online for more than a month.

UW Medicine said in a statement that it believes the risk of identity theft to those involved in the breach is “negligible” since “no financial information or Social Security numbers were exposed.” Because of this, UW Medicine will not be offering credit monitoring to those affected, a spokesperson said.

According to UW Medicine, the database first was exposed on Dec. 4 “due to an internal human error.” A patient found the information after Googling her own name and reported it to UW Medicine, which “fixed the error immediately upon discovery” on Dec. 26. UW Medicine then worked with Google to remove caches of the information, which took until Jan. 10.

This document is only available to subscribers. Please log in or purchase access.


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field