Updates to Memorial Sloan-Kettering breach report
As an update to the Memorial Sloan-Kettering breach mentioned previously, Christopher Twarowski and Rashed Mian of the Long Island Press report:
The personal and medical data of a still-undisclosed number of Memorial Sloan-Kettering Cancer Center patients were erroneously posted on the Internet and accessible for manipulation for more than six years before being detected by the hospital in April, according to letters being sent out this week to those affected.
The paper, which originally broke the story on the breach and obtained a copy of a patient notification letter, provides additional details.
The hospital subsequently uploaded a statement to its web site indicating that 880 patients were affected by a series of incidents.
Our investigation discovered five separate incidents of PowerPoint files, each of which affected different groups of patients, contained different data elements, and was posted to the web pages of the professional medical organizations for different periods of time. The largest file affected 568 patients from various states, and each of the other four incidents affected 37, 59, 104, and 112 individuals, respectively.