The protected health information of 1,350 patients at the Calif.-based Sonoma Valley Hospital was compromised after an employee accidentally uploaded patient information to the hospital website.

Patient information including names, dates of care, medical procedures, surgeon, hospital financial charges, and insurance company data for the 1,350 surgical patients was sitting on the site for more than two months before being discovered April 17, according to a report by Sonoma Valley Sun.

[See also: Stanford reports fourth HIPAA breach.]

All the patient PHI could be located through search engines, officials say.

“We have apologized to the patients involved for our error and assured them that we have taken action to understand the cause of the breach and strengthen policies and controls protecting patient information,” said Richard Reid, chief finance and compliance officer at the 83-bed SVH, in a statement.

Since the August 2009 Breach Notification rule requiring that HIPAA-covered entities provide notification following a breach involving more than 500 patients, some 4.2 million patients have had their protected health information compromised in California data breaches, according to data from the Department of Health and Human Services. 

[See also: ISU hands over $400K for HIPAA violation.]