The incident happened in late July when a university official sent bulk emails to students about renewing health insurance coverage. In the emails, the employee did not hide the students’ identities.
In a statement, ASU said, “The only items of protected health information released were the students’ email addresses. No other PHI was released.”
Since the incident, ASU has adopted new procedures to improve data protecting, including establishing more review and approval levels for mass email distribution, KTVK reports.
More articles on cybersecurity:
3 email cybersecurity vulnerabilities specific to healthcare
Ohio ophthalmology practice hit by ransomware attack
NYC fire department loses external storage device with 10,000+ patients’ information
