Hospitals Are Throwing Sensitive Patient Information Out With the Recycling

We may earn a commission from links on this page.

Heath data is some of the most sensitive information out there, and modern life sometimes puts that information at risk of being exposed. Hackers could break into insurance company records and steal customer medical information. A hospital you’ve visited could experience a data breach. You could spit in a tube to find out about your ancestry, and a company could sell your genetic information to a third party.

Or, you know, someone could just go dumpster diving behind a hospital and find a treasure trove of valuable patient information.

Researchers conducted a “recycling audit” of five hospitals in Toronto between November 2014 and May 2016 and found that frequently hospitals improperly threw out sensitive patient information. All the hospitals had policies designed to get rid of confidential patient health information without potentially exposing it, along with shredders to get the job done. And yet, when researched collected hospital recycling three times a week over a four week period, they found a total of 2,687 documents with personally identifiable information, often documents like clinical notes and medical reports. They describe their findings in a new letter published in the journal JAMA.


Health data is valuable to hackers—probably more so than your credit card digits—because data like names, birth dates, policy numbers, diagnosis codes, and billing information can be used to create fake IDs to buy medical equipment or drugs that can be resold. It’s also often less quickly identified, meaning a hacker can take advantage of stolen data for years before it’s discovered.

Between 2009 and 2016, hospital data breaches accounted for approximately 30 percent of reported large data security incidents. Things like aging computer systems making hospitals and other healthcare providers often an easy target. But just throwing out the records with the recycling? Come on.