(CBS/AP) A patient privacy breach at a prominent California hospital serves as a reminder that records aren't as secure as patients may hope.
The breach at Stanford Hospital in Palo Alto, Calif., exposed the names and diagnoses of 20,000 patients who visited the hospital's emergency department between March 1, 2009, and Aug. 31, 2009 are affected.
Stanford Hospital said in a statement that the file containing the confidential information was created by an unnamed subcontractor employed by, Multi Specialties Collection Services, a hospital vendor.
Multi Specialties is investigating how the subcontractor caused information to be posted, while Stanford has suspended working with the vendor.
Gary Migdol, a spokesman for the hospital, told the New York Times he expected the Department of Health and Human Services to conduct its own investigation.
"This incident was not caused by the hospital, and responsibility has been assumed by a contractor working with the vendor," the hospital said.
The breached information also contained medical record numbers, emergency room admission and discharge dates, and billing charges. It did not contain credit card or Social Security numbers, information often used for identity theft.
"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved in not associated with identity theft," the hospital said.
The website where the file was posted, called "Student of Fortune," allows students to pay for help with their school work, according to the Times, which first reported the breach.
The truth is medical breaches like this one aren't rare. Data from more than 11 million people have been improperly exposed in the last two years alone, according to the Times.
This current breach serves as a reminder that major hospitals are not immune to these mistakes. Recently, Massachusetts General Hospital had to pay a $1 million federal fine after a hospital employee left patient medical records on a subway train, a third of which were diagnosed with HIV/AIDS, the Boston Globe reported.
The U.S. Department of Health & Human Services has more on health information privacy.