Private data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, California, was posted on a commercial website without it been noticed for a year, the hospital confirmed according to a report from the New York Times.

The data included names and diagnosis codes for the patients. The government requires public reporting of breaches and imposes heavy fines.

The privacy data breach is specially notable becase it was posted on the website Student of Fortune - a site where students post questions and pay tutors for answers - as an attachment for about a year without been noticed.

The attachment was in the form of an excel document and the question was "How to convert the data into a bar graph", reports the paper.

Medical security experts said the breach revealed the "persistent vulnerability posed by legions of outside contractors that gain access to private data," according to the Times.