The spreadsheet first became available on the site last September as an attachment to a question supposedly posed by a student on Student of Fortune, a website that lets students solicit help with their homework for a fee. The question sought help on how the medical data in the attachment could be presented as a bar graph, according to on Thursday.

Stanford University officials did not respond to multiple requests for comment by Computerworld.

According to the Times, the spreadsheet contained names, diagnosis codes, account numbers as well as admission and discharge dates for about 20,000 patients who visited the Emergency Room at the hospital in 2009. No Social numbers, addresses, birthdates, or credit card details were compromised in the breach. Even so, Stanford has agreed to pay for identity theft monitoring services for the victims.

The hospital learned about the spreadsheet this August when a patient noticed it on the Student of Fortune website and informed the hospital about it. The spreadsheet was taken down immediately once the site learned about it.

Stanford has since suspended its relationship with the billing contractor and has asked it to either destroy or securely return all Stanford patient-related data it currently has in its possession, the Times quoted a hospital spokesman as saying.