DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Memorial Sloan-Kettering Cancer Center breach exposes patient data – but when?

Posted on April 6, 2010 by Dissent

Does anybody recognize this breach?  The information was found in Google’s cache:

Memorial Sloan-Kettering Cancer Center Information Website

FREQUENTLY ASKED QUESTIONS
Data Compromise Questions

1. What has happened?
Patient information was inadvertently included in a software update to a website used by physicians, medical researchers and their staff. Sixteen users outside of MSKCC downloaded the software with the patient data in it.

2. What type of information was possibly compromised?
The personal information included name, medical record number and diagnosis. It did not include your Social Security Number.

3. Was my information stolen? Sold?
Based on our investigation and the limited users who downloaded the application, we believe your information was not involved in any theft, or accessed in a manner deemed inappropriate.

4. Why didn’t you report the loss of the data sooner?
With any such event, it takes time to gather the relevant information, identify those impacted, and obtain the assistance services that are being offered so we can appropriately assist our affected patients. It was important to MSKCC that we identify who was and was not affected, and the extent of the potential exposure so that MSKCC didn’t unnecessarily alarm anyone. Additionally, MSKCC took immediate action to stop the problem as soon as it was discovered.

5. What is Memorial Sloan-Kettering Cancer Center doing to prevent this kind of loss from happening again?
MSKCC is undertaking a comprehensive investigation of the circumstances that led to this incident. They have taken immediate steps to correct the problem and will take additional steps necessary to prevent this problem from recurring again.

[…]

I’ve emailed the hospital twice to ask whether this is a recent breach or an older one, but have gotten no response to date.  Anyone know?

Category: Health Data

Post navigation

← Technology vs Policy for privacy
Flawed Assumptions in the Albert Gonzalez Case →

7 thoughts on “Memorial Sloan-Kettering Cancer Center breach exposes patient data – but when?”

  1. Anonymous says:
    April 6, 2010 at 7:07 pm

    Is tis in NY? It was part of 911 incident then.

  2. Anonymous says:
    April 6, 2010 at 7:48 pm

    Yes, the hospital’s in New York, but I’m not sure why you think it was part of a 9/11-related breach. Are you thinking of the World Trade Center Medical Monitoring Program? Sloan-Kettering isn’t one of the sites in that program as far as I know.

    I suspect that this was a glitch in something that supports one of their own research studies.

    The page was originally at:
    http://www.idexpertsmskcc.com/FAQ.aspx

    1. Anonymous says:
      April 7, 2010 at 1:00 pm

      Dissent- change last reply: Perhaps, I just remember that in all the confusion there was one hospital accepting wounded that had a worker stealing ids. It was not a monitoring center but a hospital.

      [At Golde’s request, I deleted another comment she had submitted].

  3. Anonymous says:
    April 7, 2010 at 9:04 am

    I am the Director of Communications at Memorial Sloan-Kettering Cancer Center and in response to your question, those affected by this were notified in the summer of 2009, shortly after we became aware of the problem. I am not sure what email address you used but our office monitors all email to the address on our web site and we didn’t recieve your inquiry.

    1. Anonymous says:
      April 7, 2010 at 11:20 am

      Hi Christine,

      Thanks for clarifying the breach.

      The email address I used for both emails was [email protected] which is the address I got from the hospital’s web site.

      I got no response to the first one which was dated March 31, so I requested a receipt on the second one, which was emailed on April 1. The receipt for the second one came back this way on April 5:

      Not read: Second request [Fwd: Recent data security breach?]
      From: “Media Staff /Public Affairs”
      Date: Mon, April 5, 2010 20:15
      To: “[email protected]”
      Priority: High

      Was that not the correct email address?

  4. Anonymous says:
    April 7, 2010 at 1:02 pm

    I have not found any information in 2009 of a breach at this facility. Was it made public?

    1. Anonymous says:
      April 7, 2010 at 2:46 pm

      If it had been made public, I probably would have known about it or been able to track it down online. That’s why I was asking as to when this was.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.