DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Guardant notifies patients of unintended information exposure going back to October 2020

Posted on May 6, 2024 by Dissent

A notification by Guardant Health, Inc. in California (“Guardant”) caught DataBreaches’ eye yesterday.

Guardant is a laboratory that performs cancer screening tests on samples received from its physician and hospital partners. Patient information that they received may have been inadvertently exposed between October 5, 2020 and February 29, 2024.

They explain:

Guardant recently determined that a file containing certain personal information related to samples collected in late 2019 and 2020 was inadvertently made available in a publicly accessible online platform. Guardant promptly removed the file from the online platform and initiated an investigation. The investigation revealed that a Guardant employee inadvertently transferred the file to the platform. The file was believed to have been transferred in October 2020, and on March 4, 2024, we were able to determine, based on a review of available records of activity, that the file was copied by unidentified third parties between September 8, 2023 and February 28, 2024.

They do not explain whether their access logs went back to October 2020 or if they were unable to determine if there was any access prior to September 8, 2023. Nor do they explain why it took them almost six months to discover that the file was being accessed by unidentified parties.

The information contained in the file varied per individual but may have included some or all of the following: names, ages, medical record and identification numbers, and medical information such as treatment information and dates, and test results. Significantly, no financial information or Social Security numbers were contained in the file.

They add:

As general good practice, it is recommended that you regularly monitor statements from your medical providers for any irregularities.

It’s also generally good practice to monitor and audit your system and files. How did this error go undetected for more than three years?

Their notification, submitted to the California Attorney General’s Office, does not disclose how many patients had data accessed by unidentified third parties. The incident has not yet appeared on HHS’s public breach tool.

DataBreaches contacted Guardant yesterday seeking additional details and an explanation of why the error went undetected for more than three years. No reply has been received by publication.

 

Category: Commentaries and AnalysesExposureHealth DataU.S.

Post navigation

← More than 380,000 additional NYC students had info breached in 2022 Illuminate Education hack
Will feds reveal anything exciting about LockBit and LockBitSupp? (YES!) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.