An employee at a firm Sequoia contracts with posted the private data online around 2007. It was only just discovered.
Officials with Sequoia Hospital in Redwood City say the names and Social Security numbers of nearly 400 hospital employees were inadvertently posted to a public website.
The San Mateo County Times reported the breach on Thursday. It occurred in October 2007, but the information was not removed until last month after hospital officials learned of the error.
The hospital says an employee at a firm it contracts with, Towers Watson, posted the information online. The posting was apparently unintentional, and none of the employees reported becoming victims of identity theft.
Hospital officials say the information was not prominently displayed but could have been accessed through a targeted Internet search.
Towers Watson said in a statement it regretted the breach and maintains a strong commitment to protecting clients' data.