The health system discovered the Feb. 5 breach within an hour of its occurrence and contacted the recipient, who was directed how to permanently delete the attachment from the email and all devices, according to Campbell County Health’s Feb. 15 news release.
The attachment contained information including patient names, account numbers and type of insurance.
The community health system said it is implementing process changes based on the outcome of its investigation and that all employees will be required to participate in additional education and best practices in safeguarding protected health information.
More articles on cybersecurity:
HIPAA Right of Access cases surpass $1M –16 providers that have paid settlements
30 popular mobile health apps vulnerable to cyberattacks, PHI exposure
Sharp HealthCare settles HIPAA violation for $70K
