The staff member sent an email to patients on April 15 detailing its transition to telehealth. The email included patients’ email addresses, which in some cases included the patients’ full names. The email did not contain any other personal or protected health information and the clinic reported “no significant risk” of patients’ email accounts being compromised.
The breach affected 999 individuals, according to the HHS report on the incident. The clinic notified patients of the breach as well as local media outlets and government authorities, as required.
More articles on cybersecurity:
Colorado med center IT network still down after April 21 attack
Email phishing attack at Advocate Aurora hospital affects 27,137 individuals
5 things for CISOs to know during COVID-19 pandemic
