Incorrect attachment sent out in a mass email

January 6th, 2016 by admin Leave a reply »

The dermatology office of Dr. Mary Ruth Buchness, PC suffered data breach when an email was sent to certain patients which included a spreadsheet with patient demographic information. The email was sent out to take a survey.

Affected information included names, Social Security numbers, dates of birth, gender, dates of last service and next appointment, telephone numbers, addresses, email addresses, marital status, head of household, employer/occupation and race/ethnicity.

Around 14,000 patients were recently notified about the incident.

As soon as the error was discovered we notified our network administrator, who immediately shut down our email server in order to minimize the number of recipients who received the incorrect attachment,Buchness said in her notification letter. Nevertheless, although we have not yet determined the exact number of recipients, it appears that approximately one hundred thirty emails were sent.

Buchness added that of the 130 emails sent, 60 were successfully delivered and received. Notification letter failed to specify number of affected individuals. But the OCR data breach reporting database listed the number at 14,910.

A privacy and security consultant has been hired to help prevent future data breaches, Buchness stated, and will also help with implementing additional technical safeguards to prevent sending protected health information unintentionally through our e-mail system.

Office is providing additional HIPAA training to the employees. Also, there is temporary ban on sending emails to multiple recipients until the necessary procedures are followed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Leave a Reply