The personal information of about 2,800 patients who scheduled appointments at Ohio State University Medical Center in Columbus was mistakenly posted online, hospital officials said. The information included names, addresses, phone numbers, birth dates, Social Security numbers and the reason the patients were making appointments. The information posted did not include medical records.
Those affected all scheduled or changed appointments on April 19, 2004. Hospital officials said they pulled the file from the Internet immediately after someone notified them three weeks ago that he had stumbled upon it. All those affected were sent letters Wednesday telling them the university will pay for a yearlong credit-protection service.
Margaret Johnson, privacy officer for the health system, said officials have no idea how long the information was on the Internet.