MedStar Health Cardiology Associates (“MedStar Cardiology”), an affiliate of MedStar Health, which was recently in the news for a ransomware attack, discovered that an employee sent protected health information of 907 patients to a personal email account.
The information contained in the email included the patients’ names, dates of birth, health insurance ID numbers, and some Social Security numbers.
The affected patients were notified of the breach by mail on August 5, 2016, and are being offered identity theft protection. The employee was fired, and MedStar Cardiology is re-educating its employees on confidentiality of patient information.
The incident is a valuable lesson for healthcare entities: educate employees about the policies and procedures that prohibit the transfer of patient information to a personal email account.