The University of Louisville says a computer programming error made some personal information about hundreds of dialysis patients in its Kidney Disease Program accessible from outside the program.
University spokesperson Mark Hebert says the vulnerability was discovered about two weeks ago.
“It was not password protected, so some personal information regarding about 700 patients got out into the public domain on the internet. It was their Social Security numbers, some medical information and the names of these patients,” he said.
Hebert says the website, which has since been shut down, was still not easily accessible and there were no direct links to the database. There have been no complaints of identity theft.
He says the university has offered to pay for credit monitoring for the patients or their next-of-kin for up to one year.