Minnesota hospital notifies patients of breach after failing to 'BCC' a mass email

Julie Spitzer - Print  | 

Waconia, Minn.-based Ridgeview Medical Center alerted patients Sept. 8 of a security breach that affected some of their personal information, a hospital spokesperson told Becker's Hospital Review.

Ridgeview Community Network, an ACO that includes Ridgeview Medical Center, exposed some members' email addresses July 10 and July 11 when it sent a general survey request via email. The message did not blind-copy the email addresses, allowing all recipients to view the addresses of other recipients. No other patient, medical or identifying information was breached.

Hospital staff have been re-educated about the need to keep protected health information safe at all times, the spokesperson said.

More articles on cybersecurity: 

HHS OIG: Alabama failed to secure Medicaid data, IT systems

Washington VA notifies patients of compromised PHI after laptop goes missing

SEC discloses system hack

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.