WHID 2007-35: Data lapse involved 51,000 at a hospital

In a classic case of lack of proper separation between the production and development sites, an application under production with lack of proper authentication and authorization was installed on a hospital's public web site, enabling anyone to query a database of 51,000 names, addresses and social security numbers.

Additional information:

• Data lapse involved 51,000, St. Vincent says [Indy Star, Jul 25 2007]