If you applied for a job at Sidney Regional Medical Center in Nebraska, you may be receiving a breach notification letter in the mail soon, as they’re being sent out today.
On December 12, Sidney Regional Medical Center learned that a previous version of their web site had been stored on a server without proper settings to block indexing by search engines. The mistake was discovered by a former applicant who was googling her own name.
As a result of the configuration error, employee authorization forms with applicants’ names, addresses, Social Security numbers, and driver’s license numbers were exposed in search engines.
Lawyers for the medical center did not disclose for how long the exposure occurred, and the center was unable to determine whether the files had been accessed by anyone other than the individual who discovered the breach, and if so, by whom and how often. All those affected are being offered free credit monitoring services.
You can read the report to the Maryland Attorney General’s Office here (pdf).