Guardant Health, a laboratory known for conducting cancer screening tests, has experienced a significant data breach affecting patient information. The breach originated from a file that contained personal details of patients, which was unintentionally made available on a publicly accessible online platform. This file included sensitive information such as names, ages, medical record numbers, treatment information, and test results collected in late 2019 and 2020. Importantly, the file did not contain any financial information or Social Security numbers.
The breach was traced back to an inadvertent action by a Guardant employee who transferred the file to the online platform in October 2020. It was not until March 4, 2024, that Guardant confirmed the file had been accessed by unidentified third parties between September 8, 2023, and February 28, 2024. This delay in detection and the subsequent prolonged period before identification of the breach raise concerns about the internal security measures and monitoring practices of the company.
In response to the incident, Guardant Health removed the file from the online platform and launched an investigation to understand the extent and implications of the exposure. They have not disclosed the number of patients affected but have notified the California Attorney General’s Office of the breach. Patients have been advised to monitor statements from their medical providers for any irregularities that may indicate misuse of their exposed information.
