San Diego's Rady Children's Hospital says the private health data of more than 20,000 young patients was mistakenly shared with a handful of job applicants.
In one breach this month a Rady employee emailed a spreadsheet that contained protected information to four applicants for data management jobs. The applicants subsequently forwarded the document on to two other people.
The hospital says the spreadsheet contained names, dates of birth, diagnoses, and other data including insurance claim information. It did not include street addresses or Social Security, insurance or credit card numbers.
In a previous breach, a different employee emailed a training exercise to three job candidates.
The hospital is notifying the parents of the patients whose information was shared.