Anemona Hartocollis of the New York Times answers one of the questions I had about the NewYork-Presbyterian Hospital/Columbia University Medical Center breach. Citing a hospital spokesperson, she writes:
The mistake was found in early July, after a relative of a patient found information from that patient on the Internet and told the hospital about it. The data was taken down soon after, but the problem was not announced until Monday because of the investigation.
So that’s how they found out, but it’s still not clear how it happened and whether they were able to determine how many people might have viewed the exposed information.
Read more in the NY Times.