HIPAA security gaffe puts PHI on Google

Approximately 33,000 individuals’ protected health information was exposed online after a security mistake by Cottage Health System. The incident occurred when IT services and solutions company, inSync, removed security protections without the health system’s knowledge. The exposed information included patient names, dates of birth, diagnoses, lab results, and account numbers. Cottage Health System immediately requested that Google remove the file from its systems and is taking steps to prevent such incidents in the future. This incident follows a similar one in which WellPoint was ordered to pay $1.7 million for an HIPAA violation.