Pittsburgh-based UPMC Health Plan has reported a data breach after an email with sensitive member information was inadvertently sent to an unauthorized person, according to a Tribune-Review report.
The payer is notifying 722 members of the breach, which occurred on June 4 and was reported to federal authorities July 2 after the health system investigated the breach, according to the report.
According to a statement from the health plan, the information in the email was meant to be sent to a physician's office but was instead sent to an incorrect email address.
Member information contained in the email includes names, member identification numbers, birth dates, phone numbers, name of the primary care physician's office and insurance plan types. No medical records, Social Security numbers or financial information was compromised, Gina Pferdehirt, spokeswoman for UPMC Health Plan, told Tribune-Review.
Ms. Pferdehirt did not say how the health plan and the unauthorized person who received the email containing member information were related.
UPMC Health Plan contacted the unauthorized person and retrained staff members on email procedures, according to the statement.
"We apologize for any anxiety or inconvenience that this incident may cause our members," said William Gedman, chief compliance officer of the UPMC Insurance Services Division. "Based on our ongoing investigation, we will make all changes necessary to further enhance our already stringent privacy protections."
Editor's note: This article was updated at approximately 9:10 am CDT on July 15 to include information and comments from UPMC Health Plan.
More articles on data breaches:
Health IT tip of the day: Don't let hackers divert your attention from thieves
OPM Director Katherine Archuleta resigns in wake of data breach fallout
More CIOs could face legal consequences following data breaches