Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years.

The California-based firm, which has performed over 500,000 blood tests, is notifying an undisclosed number of individuals that an employee inadvertently exposed their private medical data.

The data, which included patient names, ages, medical record numbers, treatment details, and test results, was related to samples collected in late 2019 and 2020.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Guardant admits the information was mistakenly uploaded by an employee and left exposed from October 5, 2020, to February 29, 2024, before being discovered

Accessed by Unauthorized Third Parties

Compounding the severity of the breach, Guardant warns that the exposed patient data was accessed and copied by “unidentified third parties” between September 8, 2023, and February 28, 2024.

According to the BitDefender reports, this raises serious concerns about potential fraud, identity theft, and privacy violations for the cancer patients affected.

Many of the impacted individuals are likely unaware that Guardant was even storing their data, as their samples were sent for testing by their physicians and hospitals.

While the company states that financial information and Social Security numbers were not included, criminals could exploit the sensitive medical data alone.

Guardant has not disclosed the total number of patients affected or explained how such a glaring security lapse went unnoticed for so long.

The company advises patients to monitor their medical statements for irregularities, but this generic guidance provides little reassurance.

The breach at Guardant Health is the latest example of how third-party vendors can put patients’ highly personal medical data at risk when proper security controls are not in place.

With the frequency and costs of healthcare data breaches rapidly rising, companies entrusted with sensitive patient information must prioritize data protection.

As a result of this incident, Guardant Health now faces potential legal action, financial penalties, and a loss of patient trust. 

Law firms have already announced they are investigating the breach on behalf of affected individuals.

This breach is an unfortunate reminder that in the age of digital health data, a single-employee mistake can have devastating privacy consequences for vulnerable patients.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide