Memorial Sloan-Kettering Cancer Center breach exposes patient data – but when?
Does anybody recognize this breach? The information was found in Google’s cache:
Memorial Sloan-Kettering Cancer Center Information Website
FREQUENTLY ASKED QUESTIONS
Data Compromise Questions
1. What has happened?
Patient information was inadvertently included in a software update to a website used by physicians, medical researchers and their staff. Sixteen users outside of MSKCC downloaded the software with the patient data in it.
2. What type of information was possibly compromised?
The personal information included name, medical record number and diagnosis. It did not include your Social Security Number.
3. Was my information stolen? Sold?
Based on our investigation and the limited users who downloaded the application, we believe your information was not involved in any theft, or accessed in a manner deemed inappropriate.
4. Why didn’t you report the loss of the data sooner?
With any such event, it takes time to gather the relevant information, identify those impacted, and obtain the assistance services that are being offered so we can appropriately assist our affected patients. It was important to MSKCC that we identify who was and was not affected, and the extent of the potential exposure so that MSKCC didn’t unnecessarily alarm anyone. Additionally, MSKCC took immediate action to stop the problem as soon as it was discovered.
5. What is Memorial Sloan-Kettering Cancer Center doing to prevent this kind of loss from happening again?[…]
MSKCC is undertaking a comprehensive investigation of the circumstances that led to this incident. They have taken immediate steps to correct the problem and will take additional steps necessary to prevent this problem from recurring again.
I’ve emailed the hospital twice to ask whether this is a recent breach or an older one, but have gotten no response to date. Anyone know?