DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Memorial Sloan-Kettering Cancer Center breach exposes patient data – but when?

Posted on April 6, 2010 by Dissent

Does anybody recognize this breach?  The information was found in Google’s cache:

Memorial Sloan-Kettering Cancer Center Information Website

FREQUENTLY ASKED QUESTIONS
Data Compromise Questions

1. What has happened?
Patient information was inadvertently included in a software update to a website used by physicians, medical researchers and their staff. Sixteen users outside of MSKCC downloaded the software with the patient data in it.

2. What type of information was possibly compromised?
The personal information included name, medical record number and diagnosis. It did not include your Social Security Number.

3. Was my information stolen? Sold?
Based on our investigation and the limited users who downloaded the application, we believe your information was not involved in any theft, or accessed in a manner deemed inappropriate.

4. Why didn’t you report the loss of the data sooner?
With any such event, it takes time to gather the relevant information, identify those impacted, and obtain the assistance services that are being offered so we can appropriately assist our affected patients. It was important to MSKCC that we identify who was and was not affected, and the extent of the potential exposure so that MSKCC didn’t unnecessarily alarm anyone. Additionally, MSKCC took immediate action to stop the problem as soon as it was discovered.

5. What is Memorial Sloan-Kettering Cancer Center doing to prevent this kind of loss from happening again?
MSKCC is undertaking a comprehensive investigation of the circumstances that led to this incident. They have taken immediate steps to correct the problem and will take additional steps necessary to prevent this problem from recurring again.

[…]

I’ve emailed the hospital twice to ask whether this is a recent breach or an older one, but have gotten no response to date.  Anyone know?

Related posts:

  • Updates to Memorial Sloan-Kettering breach report
  • Memorial Sloan-Kettering Patient Information Embedded in PowerPoint Uploaded to External Sites
  • Choice Cancer Care Treatment Center notifies patients of May data security incident
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
Category: Health Data

Post navigation

← Technology vs Policy for privacy
Flawed Assumptions in the Albert Gonzalez Case →

7 thoughts on “Memorial Sloan-Kettering Cancer Center breach exposes patient data – but when?”

  1. Anonymous says:
    April 6, 2010 at 7:07 pm

    Is tis in NY? It was part of 911 incident then.

  2. Anonymous says:
    April 6, 2010 at 7:48 pm

    Yes, the hospital’s in New York, but I’m not sure why you think it was part of a 9/11-related breach. Are you thinking of the World Trade Center Medical Monitoring Program? Sloan-Kettering isn’t one of the sites in that program as far as I know.

    I suspect that this was a glitch in something that supports one of their own research studies.

    The page was originally at:
    http://www.idexpertsmskcc.com/FAQ.aspx

    1. Anonymous says:
      April 7, 2010 at 1:00 pm

      Dissent- change last reply: Perhaps, I just remember that in all the confusion there was one hospital accepting wounded that had a worker stealing ids. It was not a monitoring center but a hospital.

      [At Golde’s request, I deleted another comment she had submitted].

  3. Anonymous says:
    April 7, 2010 at 9:04 am

    I am the Director of Communications at Memorial Sloan-Kettering Cancer Center and in response to your question, those affected by this were notified in the summer of 2009, shortly after we became aware of the problem. I am not sure what email address you used but our office monitors all email to the address on our web site and we didn’t recieve your inquiry.

    1. Anonymous says:
      April 7, 2010 at 11:20 am

      Hi Christine,

      Thanks for clarifying the breach.

      The email address I used for both emails was [email protected] which is the address I got from the hospital’s web site.

      I got no response to the first one which was dated March 31, so I requested a receipt on the second one, which was emailed on April 1. The receipt for the second one came back this way on April 5:

      Not read: Second request [Fwd: Recent data security breach?]
      From: “Media Staff /Public Affairs”
      Date: Mon, April 5, 2010 20:15
      To: “[email protected]”
      Priority: High

      Was that not the correct email address?

  4. Anonymous says:
    April 7, 2010 at 1:02 pm

    I have not found any information in 2009 of a breach at this facility. Was it made public?

    1. Anonymous says:
      April 7, 2010 at 2:46 pm

      If it had been made public, I probably would have known about it or been able to track it down online. That’s why I was asking as to when this was.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.