A patient searching for her own name online discovered a data breach at academic medical center UW Medicine in Seattle that affected around 974,000 patients. UW Medicine is blaming a “misconfigured database” for the incident, which left internal files unprotected and visible online for more than a month.
UW Medicine said in a statement that it believes the risk of identity theft to those involved in the breach is “negligible” since “no financial information or Social Security numbers were exposed.” Because of this, UW Medicine will not be offering credit monitoring to those affected, a spokesperson said.
According to UW Medicine, the database first was exposed on Dec. 4 “due to an internal human error.” A patient found the information after Googling her own name and reported it to UW Medicine, which “fixed the error immediately upon discovery” on Dec. 26. UW Medicine then worked with Google to remove caches of the information, which took until Jan. 10.