Memorial Hospital at Gulfport (Miss.) notified 1,500 patients after learning some of their protected health information was inadvertently sent, via email, to an outside email address, a hospital spokesperson confirmed to Becker's Hospital Review.
In a routine internal audit, Memorial officials learned an email containing patients' names and internal encounter numbers had been sent to a single, external email address as a result of a clerical input error. The error was corrected immediately upon its discovery, and the information in the email was encrypted to require a password to open it. No financial information, Social Security numbers, diagnoses, symptoms or other demographic information was disclosed.
Memorial hasn't be able to confirm whether the email address was actively in use, or if the information was received, but based on the results of its investigation, it has no reason to believe any of the information was accessed. Out of an abundance of caution, Memorial reported the incident to HHS, as required under HIPAA.
More articles on cybersecurity:
UC San Francisco, Samsung partner on blood pressure app for research
Researchers use EHRs to identify hypertension among safety-net patients
NIH's genome institute to unveil new roadmap for genomics research in 2020