Use of unsecure email account causes breach at UMC Physicians

Two employees at UMC Physicians in Lubbock, Texas, were forwarding emails to an unsecured Google mail account after they established a Google shared drive to track follow-up tasks.

Now, the organization is educating employees on the use of approved cloud storage solutions and notifying patients that sending emails to unsecured Google accounts may compromise protected health information.

On March 12, UMC Physicians discovered the breach and retrieved or deleted the affected files, while also launching an investigation to determine the scope of the breach and identify affected individuals.

Although the two employees intended to ensure good care, information was compromised, the organization told patients.

Affected information included names, addresses, phone numbers, medical record numbers, dates of birth, dates of service, health insurance, diagnoses and procedures.

Also See: Mishandled emails cause breach at Kansas disability agency

Financial information, Social Security numbers, insurance policy numbers and credit card information were not affected by the breach.

All employees are being educated on use of approved cloud storage to prevent a similar incident from occurring again.

UMC Physicians-CROP.jpg

“UMC will implement other products to prevent the use of unapproved cloud storage solutions,” the organization told patients in a notification letter. “UMC understands this situation may create worry and inconvenience for patients, and the health system sincerely apologizes and regrets that this incident has occurred.”

A dedicated phone line for patients has been established. Additional information from the organization, including the number of patients affected, was not immediately available, but the number will soon be posted on the HHS Office for Civil Rights’ data breach web site.

For reprint and licensing requests for this article, click here.