In a routine internal audit, Memorial officials learned an email containing patients’ names and internal encounter numbers had been sent to a single, external email address as a result of a clerical input error. The error was corrected immediately upon its discovery, and the information in the email was encrypted to require a password to open it. No financial information, Social Security numbers, diagnoses, symptoms or other demographic information was disclosed.
Memorial hasn’t be able to confirm whether the email address was actively in use, or if the information was received, but based on the results of its investigation, it has no reason to believe any of the information was accessed. Out of an abundance of caution, Memorial reported the incident to HHS, as required under HIPAA.
More articles on cybersecurity:
UC San Francisco, Samsung partner on blood pressure app for research
Researchers use EHRs to identify hypertension among safety-net patients
NIH’s genome institute to unveil new roadmap for genomics research in 2020
