University of Washington Unprotected Database Exposes 974000 Patients

Last updated September 24, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist
Image Source: prairielinetrail.org

Healthcare data leaks have no end, as another unprotected database that was misconfigured by mistake has exposed the personal information of about a million patients of the University of Washington (UW) medical center. The UW personnel became aware of the fact that the particular database was left open to access on December 26, 2018, and upon further investigation, they figured that the database misconfiguration occurred on December 4. This means that the database was visible and accessible over a period of 22 days, more than enough for data collectors to locate it and dump the data. The reason why it took UW almost two months to report the incident is the time it took them to complete the relevant investigation.

The actual discovery came from the report of a patient, who Googled his name and got back the database entry in the search results. The personal health information contained in the database includes full names, medical record numbers, and lab research-related details. The data provided no in-depth medical records, financial information, or social security numbers. UW clarifies that parts of this data were shared with other parties as well, in accordance with the notice of privacy practices signed by the patients. However, and due to the nature of the leaked data, the risk of identity theft for the affected people is considered negligible.

Having concluded the investigation that allowed the specific determination of who was affected, UW has already started sending letters to the compromised patients. Those who have received a letter can call on 844.322.8234 to ask for more details or clarifications; however, no further action is required by them. A dedicated website to aid people and provide more information has also been created. If you have been part of a UW research and have not received a letter, it means that you have not been compromised. According to the ID Experts vendor who helped UW with the investigation, there have not been any reports of misuse or attempt to use the information that was leaked.

Have you taken part in a research program conducted by the University of Washington? Share your comments in the section beneath, and help us spread the word by sharing this piece through our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: