The medical files of nearly 1 million patients of University of Washington Medicine were visible on the internet for at least three weeks in December, UW Medicine said Wednesday.
The files, which were exposed on Dec. 4 because of “an internal human error” were internal files that the hospital system used to document when it shared patient information, for instance with public-health authorities or law enforcement.
The files contain patients’ names, medical record numbers, a description of the information shared and a description of who it was shared with, UW Medicine said in a news release, although in some cases the files included the name of a lab test or the name of a research study.
The hospital system said it discovered the error Dec. 26 and immediately fixed it, but Google had saved some of the files. UW Medicine said it worked with Google to removed saved versions and prevent them from showing up in search results. All saved files were removed by Jan. 10, UW Medicine said.
The files do not include specific health information, social security numbers or financial information, UW Medicine said.
“At this time there is no evidence that there has been any misuse or attempted use of the information exposed in this incident,” the UW Medicine news release from spokeswoman Susan Gregg said.
UW Medicine includes the University’s medical school as well as Harborview Medical Center, the UW Medical Center, Northwest Hospital and Medical Center, Valley Medical Center and more than two-dozen neighborhood clinics scattered around the Puget Sound region.
The hospital system said it is in the process of sending letters to approximately 974,000 patients whose data was exposed.
King County Councilmember Reagan Dunn said he would introduce legislation calling for a commission to investigate the data breach.
“This is a breach of data, but it’s also a massive breach of the public’s trust,” Dunn said in a prepared statement.
This story will be updated