Email Security Incidents at South Texas Health System and Atricure

South Texas Health System has informed 6,761 regarding some of their protected health information (PHI) that had been accidentally disclosed. South Texas Health System offers discharge directions following patients are given medical care in its hospitals. Part of that procedure requires a staff creating and emailing a monthly report that identifies patients that were discharged from the emergency departments of the hospital.

South Texas Health System found out on April 8, 2021 that an email message with an attached November 2020 report was delivered to the wrong email address on April 7. Steps were done to try to know the individual and have the email deleted, however that person is still unidentified and it is uncertain whether or not the message has been opened, seen, or erased.

The email attachment included a listing of patients released from its hospital emergency sections in November 2020, which contained names, date and time of discharge, internal hospital visit numbers, whether discharge information was given, and information concerning where the patients were released.

The nature of the data in the report makes it less likely for patients to suffer damage; nevertheless, as a precautionary measure, those people were provided complimentary 12-month membership to an internet surveillance and identity theft restoration service.

Atricure Group Health Plan Members Affected by Email Data Breach

Atricure based in Ohio uncovered that an unauthorized person accessed the email account of an employee for a short period of time on March 8, 2021. Upon discovery, Atricure immediately secured the email account and engaged a third-party cybersecurity firm to help investigate the incident. The breach was confirmed as impacting only one email account, nevertheless, it was not possible to know if any emails or file attachments were viewed.

A review of all email messages and attachments in the account was finished on April 7, 2021 and revealed that they included a few sensitive data of workers, beneficiaries and dependents associated with the Atricure Group Health Plan. In total, 2,487 persons were affected by the breach.

The types of details possibly compromised included names, birth dates, addresses, Social Security numbers, clinical data, health insurance claims information and financial account details. Impacted people were provided with free credit monitoring, fraud consultation, and identity theft restoration services. Atricure has additionally improved its security protocols and has re-educated workers about email security.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA