A programming error in a database run by Seattle’s Fred Hutchinson Cancer Research Center exposed the personal information of 5,000 people to the web, GeekWire has learned.
The error was in a database that tracks inbound interest in taking part in vaccine trials through the Seattle Vaccine Trials Unit, a program run by Fred Hutch and the University of Washington.
Personal information, including names, email addresses, phone numbers and coded ID numbers assigned to people interested in participating in trials, was inadvertently made accessible to people outside the organization, a Fred Hutch spokesperson said.
Once Fred Hutch discovered the problem, it said it deactivated the page and conducted a security review that uncovered the programming error. The spokesperson said the review did not find any indication that the information was accessed or shared externally.
In an email to those affected by the data compromise, the organization said there is a “very low” risk that the compromise would be harmful.
Read the full message below:
We are lead investigators of the Seattle Vaccine Trials Unit (VTU), a program of Fred Hutchinson Cancer Research Center and the University of Washington. Our records show that you contacted us within the last five years and expressed interest in our research studies. We recently learned about a programming error in the database we use to maintain a record of people who contact us. We are writing to inform you that, because of this programming error, the confidentiality of information about you was compromised and may have been seen by unauthorized individuals worldwide through the internet. Your name, phone number, email address (if you provided one) and study ID number (if you participated) may have been unintentionally exposed. No other confidential information about you (including medical or protected health information) was exposed.
We have taken several steps to resolve this error. Upon learning of the issue, the database was disabled immediately until the programming could be corrected. The error has been fixed. The Fred Hutchinson Cancer Research Center Information Security Office (“ISO”) has performed a complete assessment of the database and has implemented several additional information security measures to help prevent your information from being exposed ever again. Because the data exposed was limited to your contact information and possibly a coded ID number, the ISO has determined that the potential risk that this event would cause you harm is very low.
The confidentiality of your information is incredibly important to us and we are very sorry that this error occurred. The VTU strives to protect your privacy and confidentiality throughout all of our interactions. If you have any questions about this event or your data please do not hesitate to contact us at 206-667-2300.
Editor’s note: This story has been updated to better describe the ID numbers that were exposed. The ID numbers were assigned to individuals interested in participating in trials and did not specify any clinical trial they took part in.