Danville, Pa.-based Geisinger inadvertently exposed the email addresses of nearly 2,000 respondents who completed a customer insights panel survey, The Times-Tribune reports.
A mass email thanking the survey respondents and describing its overall results listed all the recipients' email addresses. When sending mass emails, senders usually blind copy, or BCC, all respondents so their email addresses are hidden from other recipients. Only email addresses were exposed; no patient health information was compromised.
"The only information involved in this incident was the email addresses of patients who opt in to our customer insights panel," Geisinger's Chief Privacy Officer John Signorino said in an emailed statement to Becker's Hospital Review. "We asked the recipients to delete the email, and future messages will all be sent through an automated survey software system to prevent such a situation from occurring again."
More articles on cybersecurity:
Finger Lakes Health reports ransomware attack, unable to access computers
Banner Health under investigation for 2016 cyberattack
4 ways technology makes HIPAA easier to follow