Here’s an incident involving St. Elizabeth Physicians that happened last month but just showed up on HHS’s public breach tool now. From their August 23 notice:
On July 12, 2016 St. Elizabeth Physicians inadvertently released the email addresses of 674 individuals in an email sent by its Weight Management Center inviting the recipients to a vitamin presentation and open forum meeting. The sender inadvertently and mistakenly failed to blind copy the recipients thus allowing all email addresses to be visible by all recipients. No social security numbers, phone numbers, addresses, or any other personal health or identification information was disclosed. The only information disclosed was email addresses.
Although there is a very low risk to the affected individuals, St. Elizabeth Physicians has offered to provide each individual one year of identity theft monitoring at St. Elizabeth Physicians’ expense and has encouraged the notified individuals to, as always, use caution when receiving any email related to the solicitation of information or for the sale of products and services.
St. Elizabeth Physicians has promptly and thoroughly investigated the matter and has reviewed its procedures. Corrective action has been pursued to avoid this from happening in the future.
St. Elizabeth Physicians takes patient confidentiality very seriously and is committed to maintaining the privacy and security of all patient information. St. Elizabeth Physicians regrets that this incident has occurred and is committed to preventing future occurrences.
Patients may call 1-855-809-9217 from 9:00 a.m. – 5:00 p.m. with any questions or submit inquires electronically here. Trained staff is available to address any questions related to this matter.
Some email addresses may have revealed the patients’ names, but even so, offering identity theft monitoring for exposing email addresses (and maybe names)? Seriously? That’s going a bit far…