From the Tiversa press release:
Tiversa today announced the findings of new research that revealed 13,185,252 breached files emanating from over 4,310,839 sources on P2P file-sharing networks within a twelve month period from March 01, 2008 – March 01, 2009.
[…]
The files analyzed included only those identified on behalf of Tiversa’s existing customer base during the 12 month period. It’s also important to note that the referenced files are business documents only (.doc, .xls, .pdf, .pst, etc). Music, software and movie files (.avi, .mov, .wma, .mpeg4, .mp3, etc) were not included in the study.
[…]
In a typical day, Tiversa might see the Protected Health Information (PHI) of tens of thousands being disclosed by a hospital or medical billing company, the Personally Identifiable Information (PII) of an organization’s global workforce being exposed through a third-party payroll provider and a Fortune 500 company exposing corporate IP, such as pre-patent documentation or executive board minutes.”
[…]
Over a two-week period, Dartmouth College researchers and Tiversa searched file-sharing networks for key terms associated with the top ten publicly traded health care firms in the country, and discovered a treasure trove of sensitive documents. Found was a spreadsheet from an AIDS clinic with 232 client names, including Social Security numbers, addresses and birth-dates. Discovered were databases for a hospital system that contained detailed information on more than 20,000 patients, including Social Security numbers, contact details, insurance records, and diagnosis information.
Also identified was a 1,718-page document from a medical testing laboratory containing patient Social Security numbers, insurance information, and treatment codes for thousands of patients, as was 350+ megabytes of data comprising sensitive reports relating to patients of a group of anesthesiologists.