The health system said that on June 3 an employee had sent an email that included an attachment with data from 507 patients. The attachment included patients’ names, medical record numbers, payment histories and insurers.
A limited number of patients’ diagnoses information was also on the attachment.
Memorial Hermann contacted the recipient immediately following discovery of the incident, and obtained assurances that the document was deleted.
“At this time, Memorial Hermann does not believe that the protected health information involved was or will be further disclosed,” the health system said in a statement.
Editor’s note: This article was updated July 2 to indicate a single person was emailed the information and that Memorial Hermann has contacted the recipient.
More articles on cybersecurity:
239,000 patient records vulnerable in insurance database security incident
Summa Health employees fall victim to phishing attacks
17 healthcare privacy incidents in June
