IOWA CITY, Iowa (AP) — The University of Iowa Hospitals and Clinics says it accidentally posted online the names, admission dates and medical records numbers of around 5,300 current and former patients for two years.
The University of Iowa Health Care said in a news release Tuesday that “a limited set of data” was inadvertently saved in unencrypted files posted online through an application development site. The release doesn’t explain how it happened.
Spokesman Tom Moore says an online security expert reported the posting April 29. The files were deleted two days later. He says the website where it was posted confirmed the files were not copied. Moore also says the files didn’t contain clinical information, Social Security or credit card numbers.
University of Iowa Health Care notified the patients through a June 22 letter.