Memorial Healthcare System in Florida has had another breach, it seems. From the substitute notice they posted on their web site in October:
NOTICE REGARDING AN EMAIL SENT TO PATIENTS REGARDING “BREAKING THE SILENCE” EVENT
Memorial Healthcare System (Memorial) is committed to maintaining the privacy and confidentiality of patient information at all times. We are providing this notice to formally inform a group of our patients about an email we sent to them on September 30, 2014, inviting them to an upcoming event, “Breaking the Silence,” in conjunction with breast cancer awareness month. We accidentally included all invited patients’ email addresses in the “To” section of the email, but recognized the oversight immediately that same day. The email may have suggested care some patients received at Memorial. Some patients may have already received notice of this oversight in an apology email we sent on October 1.
This incident does not affect all Memorial patients, but only the limited number of patients to whom the email invitation was sent. We recalled as many emails as possible. A number of the email addresses were “undeliverable” and not received by anyone.
In an abundance of caution, we began mailing notification letters to affected patients on October 24, 2014. We have also established a dedicated call center to address any questions patients may have. If you believe that you have been affected but do not receive a letter by November 14, please call 1-877-237-3854, Monday through Friday, 9:00 a.m. to 7:00 p.m. Eastern Time (closed on U.S. observed holidays). Please be prepared to provide the following ten digit reference number when calling: 6187101714.
We take this matter very seriously and in response have trained the involved employees on the use of group emails and reminded them of the importance of keeping individual patients’ emails confidential. We will be extending the same training to other employees throughout the organization.
Memorial values the relationship it has with its patients and will continue to provide safe and effective care to those entrusted to our care. We again apologize for this incident.
According to their notification to HHS, this breach affected 1,782 patients.