Stanford University's hospital in Palo Alto, Calif., is offering identity theft protection to 20,000 patients after discovering that their personal information was visible online for almost a year.
The exposed information includes names, account numbers, billing charges and other personal information, The New York Times reported Thursday. The data did not include Social Security numbers or credit card account numbers.
The exposed information was in a spreadsheet from a billing contractor. The spreadsheet was posted online at a homework-help website on Sept. 9, 2010, the article said. The person who posted it asked for help in converting the data to a bar graph.
A patient discovered the breach and reported it to the hospital on Aug. 22, the Times reported. The hospital contacted the website, and the data was taken down the next day.
"It is clearly disturbing when this information gets public," Gary Migdol, a hospital spokesman, told the Times. "It is our intent 100 percent of the time to keep this information confidential and private."