Melissa McEver reports in the Brownsville Herald:
All it took was a quick Internet search to yield private medical information on more than two dozen Rio Grande Valley children.
Until Thursday, the Web site of a children’s rehabilitation clinic had a link to spreadsheets containing the full names, phone numbers and insurance status of about 25 patients.
The information was in a backup folder linked to the Web site, not on the site’s main page. But a link to the data pops up in a search using Google.
[…]
The clinic, New Beginnings Children’s Therapy, removed the spreadsheets from its Web server Thursday. Office manager Claudia Flores said she didn’t realize the information was posted to the site or accessible to the public. The clinic had hired a company to back up some of its files back in 2005, Flores said.
“We need to fix that – we don’t want to violate any (laws),” Flores said Thursday.
According to a time stamp on the site, the data was posted in December 2005, meaning the data might have been accessible for more than two years.
Full story – Brownsville Herald