The Long Island Press’ Christopher Twarowski and Rashed Mian report that sensitive data on patients at the Memorial Sloan-Kettering Cancer Center was posted online for more than six years before the hospital uncovered the error in April.
“Memorial Sloan-Kettering discovered the data incident when it found graphs for a PowerPoint presentation that inadvertently contained embedded information, according to the report,” writes Becker’s Hospital Review’s Kathleen Roney. “Patient names, phone numbers, addresses and Social Security numbers may have been viewed if the PowerPoint presentation was manipulated.”
“The facility mailed letters to affected patients, stating that the presentation is no longer in use by staffers and has been deleted from their files,” writes SC Magazine’s Greg Masters.
In a statement posted on its Web site, Memorial Sloan-Kettering says it found that in five separate incidents, PowerPoint files posted online “inadvertently contained embedded information” that could easily be accessed. The largest of the files contained data on 568 patients, while the other four incidents affected 37, 59, 104 and 112 individuals.
“As soon as these incidents were discovered, we took immediate action and the information was removed,” the statement says. “Memorial Sloan-Kettering has taken significant measures to strengthen our information and data security systems. We have also taken corrective action with those involved and educated staff so that this situation does not occur again.”