Breach at The MED in Memphis Hits 1,200

Regional Medical Center at Memphis, known as The MED, is notifying nearly 1,200 patients of a breach of protected health information that includes Social Security numbers, reports WREG, the local CBS affiliate.

The hospital learned on March 15 of three unsecured emails with attachments containing PHI that were sent out last Oct. 29, Nov. 1 and Feb. 4 in what is believed to be an “innocent employee mistake,” according to a public notice. The emails contained information on nearly 1,200 outpatient physical therapy patients treated between May 1, 2012 and Jan. 31, 2013.

In addition to SSNs, other information in the emails included name, patient account number, date of birth, home phone, and type/reason for therapy. “The medical center has been and will continue to work closely with the company that received the emails, and it is believed the emails were deleted and not further used or disclosed at the time of the incident,” according to the notice.

While the medical center has no indication that the information has been disclosed further or used, it is offering affected patients one year of paid credit monitoring services.

For reprint and licensing requests for this article, click here.