Data Breach at Rady Children's Hospital Exposes Thousands

A "human error" has exposed thousands of patients to a breach

By Consumer Bob

Rady Children's Hospital spends lots of time and money protecting its patient information from outside hackers. But it was a mistake by an employee that recently exposed the information of more than 14,100 patients.

"Unfortunately when the file was emailed, attached to it was the original file, it was complete human error," explained Rady Children's Hospital acting President Donald Kearns.

The attachment was sent to potential job applicants for an internal evaluation. But instead of sending approved information, a collection of real patient data was released to six applicants.

The breach included names, dates of birth, primary diagnoses, medical records and insurance carrier claim information. But no social security or credit card numbers were included, nor were street addresses or parent and guardian names.

Over the weekend, the hospital created a communication center staffed by physicians, managers and other employees to call the 14,121 families included in the breach. The file contained information on patients admitted to Rady Children's between July 1, 2012 and June 30, 2013.

"Some families were upset," said Kearns. "But the vast majority understood that this is something that was not done purposely. This is something that was done on a human error."

Eva Velasquez with the Identity Theft Resource Center said internal breaches like this are a big problem.

Local

news Apr 15

Share your feedback with NBC 7 San Diego

Things to Do in San Diego 8 hours ago

Things to do this weekend in San Diego: 54th Chicano Park Day Celebration, Spring Sake Festival and more

"As much as companies are trying to stem the tide of these breaches," said Velasquez, "employee negligence is actually going up when we categorize breaches."

Velasquez says 7 percent of identity theft breaches were from internal negligence in 2012. That number climbed to 9.3 percent in 2013 and year-to-date in 2014, the number is 10.2 percent.

Rady Children's has notified county and state officials and will also need to report the breach to federal regulators. When hospital officials investigated the problem, they discovered a second breach of inpatient or outpatient treatment information between June 2009 and June 30, 2010.  That breach included 6,307 patients.

Rady Children's hospital will be sending out letters to everyone included in the breach.

Local In Your Neighborhood Listen: NBC 7's Podcasts NBC 7 Responds NBC 7 Community Breakfast Buzz Down to Earth With Dagmar Decision 2024 Military Weather Investigations Submit a tip California SportsWrap San Diego Padres U.S. & World Videos Entertainment In Your Neighborhood California Live
About Us Our News Standards Submit a Consumer Complaint Submit Photos and Video Contests Our Apps Newsletters Cozi TV
Contact Us