The North Carolina Department of Health and Human Services has notified close to 6,000 individuals that a spreadsheet containing the names, Social Security numbers and test results for routine drug testing for employment, internships and volunteer opportunities was sent via an unencrypted email to a vendor in error.

Misdirected emails are a frequent occurrence and can have dire consequences. Limiting information in spreadsheets is a strategy to reduce the risk of a breach in the event that an email containing information is sent to the wrong recipient. It is unclear why full Social Security numbers were on this particular spreadsheet, or why they were needed by the recipient, but it is a potent reminder that deleting or not including high risk information before sending it to others is an important practice.