UW Medicine Facing Breach Lawsuit
The University of Washington School of Medicine is facing a class-action lawsuit over a data breach that impacted 974,000 patients.
Plaintiffs claim UW Medicine failed to "properly secure and safeguard" patients' personal health information (PHI), resulting in the exposure of data that included patient names, medical record numbers, and other healthcare data.
Earlier this month, UW Medicine reported that a misconfigured server had resulted in patient data's being exposed online for a three-week period. The breach was identified when a patient came across a file containing their own PHI data during a routine Google search and reported it to UW Medicine.
After an internal investigation into the incident, UW Medicine found that an employee error had left a database containing patient data exposed from December 4 to December 6, 2018.
"Because Google had saved some of the files before December 26, 2018, UW Medicine worked with Google to remove the saved versions and prevent them from showing up in search results," officials said at the time. "All saved files were completely removed from Google’s servers by January 10, 2019."
UW Medicine said that the compromised data did not include financial information or Social Security numbers. Data that was exposed included details regarding what tests patients had undergone.
Judging from the wording of the complaint filed in King County Superior Court, the plaintiffs aren't certain exactly what information was exposed in the breach. Among other things, the plaintiffs are seeking an order that will require UW ..