Alphabet Inc.'s Google has now added personal medical records to the list of things it’s willing to remove from search results upon request.

Starting this week, individuals can ask Google to delete from search results “confidential, personal medical records of private people” that have been posted without consent. The quiet move, reported by Bloomberg, adds medical records to the short list of things that Google polices, including revenge porn, sites containing content that violates copyright laws, and those with personal financial information, including credit card numbers.

The policy change appears aptly timed. Earlier this month, a congressionally mandated task force—The Health Care Industry Cybersecurity Task Force report—reported that all aspects of health IT security are in critical condition . And last month, the WannaCry ransomware worm affected 65 hospitals in the UK.

The BBC notes that in May, hackers demanded ransoms from patients who had gone to a Lithuanian clinic for plastic surgery procedures. The hackers had stolen pictures and other health information.

In the past, health records have also been posted online accidentally, Bloomberg notes. A pathology lab in India inadvertently published the health records of 43,000 patients in December, for instance. Those records include sensitive information, including names and HIV blood tests.