Florida Hospital Medical Group recently notifed HHS of a breach affecting 1,906 patients. Although the breach reportedly involved a transcription service, the entry on HHS’s public breach tool does not indicate any business associate was involved.
In digging into this report, I found that the Orlando Sentinel had reported the incident on April 8:
If you’re a patient at one of Florida Hospital Medical Group practices, you could be receiving a letter telling you that your personal data may have been compromised.
The medical group, which is the physician practice arm of Florida Hospital, said on Friday that a transcription services company had used an unencrypted email account to sent some patient medical records back to doctors’ offices.
The e-mails included names, birth dates, medications and other information regarding patients’ medical history.
There is no report of any misuse of the data. The Orlando Sentinel mentions a news release, but it does not appear to be available online and DataBreaches.net can find no statement on FHMG’s web site at the time of publication, so the transcription service remains unnamed for now.