The San Francisco-based health care facilities operator Dignity Health recently experienced an accidental email breach affecting 55,947 patients, according to a May 31 disclosure form the not-for-profit corporation filed with the U.S. Department of Health and Human Services.
In a blog post filed last week, DataBreaches.net reports that Dignity Health acknowledged in a statement that an email list that was formatted by third-party partner Healthgrades contained a sorting error that caused the company to send emails to the wrong patients last April. Fortunately, emails contained only patients' names and their physicians' names, and each incorrectly addressed email was sent to only one individual.
DataBreaches further reports that Dignity Health recently reported experienced two other breach incidents. Specifically, Dignity Health recently reported on its website that an employee St. Joseph's Hospital and Medical Center in Arizona was found to have viewed the records of 229 patients "without a business reason to do so." Additionally, the company last month reported to HHS that three of its Nevada hospitals mistakenly continued to send documents with patient information to a third-party contractor after his or her contract had expired. That contract was later renewed anyway. A total of 6,016 patients were involved in this incident.
In related news, multiple outlets are reporting [1, 2] that Terros Health on June 8 publicly disclosed a data breach impacting roughly 1,600 patients, nearly all of whom received treatment at a medical clinic in Phoenix. The company reportedly stated in a press release that on Nov. 16, 2017, an unauthorized individual accessed information such as names, birth dates, home and email addresses, diagnoses, medical record numbers, and "other protected health information. The Social Security numbers of 142 patients may have also been exposed.
Both health care organizations say they took steps following the various breaches to mitigate their impact, including contacting patients, establishing a help telephone line and offering ID theft protections, as necessary.