DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WA: Social Security Numbers of 20,000 Swedish Med. Ctr. employees exposed on the web for 9 weeks

Posted on July 20, 2011 by Dissent

Carol M. Ostrom reports:

Swedish Medical Center is alerting nearly 20,000 current and former employees that their personal information — including Social Security numbers — was accidentally made accessible on the Internet for a nine-week period.

Read more on Seattle Times.

A notice to employees, on an internal page of the medical center’s web site reads:

July 20, 2011
Notice: Accidental Disclosure of Employee Data

SEATTLE, July 20, 2011 – Swedish today announced that it has begun notifying 19,799 current and former employees that some of their personal information was inadvertently made accessible from the Internet for a nine-week period between mid-April 2011 and June 17, 2011. The disclosed information included first and last names and Social Security numbers.

Affected individuals include some, but not all, employees who worked at Swedish during all or part of the following years: 1994, 1995, 2002, 2003, 2004 and 2006. It does not affect employees who worked for Swedish Physician Division during that time period.

There is no evidence that any data has been used for identity theft or other illicit purposes. In addition, the information is no longer accessible online, as it was immediately removed upon learning of the accidental disclosure. Swedish is taking measures to support the affected individuals, including engaging an experienced firm specializing in personal data security to assist the individuals at no charge.

Swedish has contracted with Kroll, Inc., the world’s leading risk consulting company, to provide affected individuals free access to its ID TheftSmart™ service via packets mailed to them. Swedish leaders are encouraging the affected individuals to be vigilant and to contact Kroll if they notice any unusual activity.

“We take our responsibility to protect employee information very seriously,” emphasizes Joanne Suffis, Swedish vice president of Human Resources. “This incident was highly unusual, and we sincerely apologize for any concern or inconvenience it may cause current and former staff members and their families.”

Swedish has not used Social Security numbers as the employee ID since 2004 and has policies on employee use of Swedish information systems and remote access. Additional staff education is being conducted and further measures are being deployed to help prevent future occurrences.

“While it may be impossible for any large organization to completely eliminate mistakes like this, we are taking all necessary steps to review and strengthen internal procedures to ensure Swedish provides the highest level of employee data security,” says Suffis.

Estimated delivery date of letters to affected individuals is between Friday, July 22 and Monday, July 25. Swedish has established a phone line through Kroll. Anyone with questions is welcome to call 1-855-294-2544. Thank you for your patience.

Related posts:

  • Operation Anti Security Breakdown and targets, the full time line
  • Gaps In Hospital Security Policies Put Patient Data At Risk
  • Operation Orlando Attacks Time Line
Category: Breach IncidentsExposureHealth DataU.S.

Post navigation

← (Follow-up) Doctor named and blamed for patient files found in Regina dumpster; Dickson recommends prosecution
(Update) Yellowstone County website hack did expose personal information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.