On Aug. 3, the clinic employee emailed a spreadsheet containing patients’ information to an external email account, which was not encrypted. After discovering that the email had been sent by mistake, the employee contacted the recipient and asked for the message to be deleted. The recipient said they deleted it and that they never opened the attached spreadsheet.
Patient information contained in the spreadsheet included names, addresses, phone numbers, birthdates, medical record numbers and insurance details. The breach did not involve Mankato Clinic’s EHR.
After investigating the incident, the clinic determined that it occurred because of its email system’s autocomplete feature, which inputted the name of the colleague with the external email account when the sender typed the intended recipient’s name.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
