- Fremont, Nebraska-based Prairie Fields Family Medicine is notifying 6,450 patients that their patient data was potentially breached due to an emailing error.
An employee inadvertently sent an unencrypted spreadsheet to the wrong email recipient on October 1, and the mistake was discovered on the same day. Officials made multiple attempts to contact the email account owner to ensure the database was deleted, but there’s been no response.
Prairie Fields believes the lack of response means the account is no longer active. However, officials can’t determine whether that was the case.
The compromised spreadsheet contained patient names, birthdates, telephone numbers, sex and race. For some patients, the data included primary and secondary health insurer details, including provider names and account numbers. Financial data or health information from medical records were not involved.
Officials notified the Department of Health and Human Services and all of the patients involved. The provider has since improved its security controls to prevent a similar event.
Email Errors Breaches Data of 1,350 Butler County Employees
The protected health data of 1,350 Butler Country employees was potentially breached due to an email error.
In September, the county’s wellness coordinator inadvertently emailed employee wellness information, as part of an email about health insurance. The spreadsheet contained hidden columns, which included personal employee data.
The compromised data contained names, insurance identification, and information on employee participation in the county wellness program. Passwords and other sensitive data were not contained in the spreadsheet.
Butler county contacted HHS, which is investigating the event.
Coding Error Compromises Thielen Student Health Data
Ames,Iowa-based Thielen Student Health Center is notifying nearly 600 students of a potential breach caused by a coding error.
On November 5, TSHC prepared its satisfaction surveys, which were meant to be sent out to patients. But due to a coding error, the names of patients, appointment dates, and provider names were inadvertently added to the surveys. As a result, patients could potentially see the data of other patients.
Officials said there was at least one reported event where a patient saw that data. TSHC quickly discovered the error and was able to recall many of the surveys before they were seen by patients. All patients have been notified. Officials have made changes to remove personal data from future surveys.