- The Jonathan M. Wainwright Memorial VA Medical Center (VAWW) of Walla Walla, Washington mistakenly sent 1,519 patients’ data to an external education partner on November 1, according to PHIPrivacy.net.
While the exact types of exposed information wasn’t revealed, we know that patients’ personal information, including Social Security numbers, were included in the email attachment. VAWW’s statement says that the organization managed to recover the email 10 minutes after sending it and it’s taking the appropriate steps to prevent future occurrences.
“VA places the highest priority on safeguarding the personal information of our Veterans,” said Medical Center Director, Brian Westfield. “When an incident such as this is discovered, we will immediately take prompt remedial action such as notification to the Veteran – even if the risk to Veterans is very slight.”
Additionally, VAWW Privacy Officer Laurie Beauchamp said she investigated the incident and doesn’t believe the information was misused by the external partner. “I am confident appropriate steps have been taken to mitigate any harm to our Veterans,” said Beauchamp. And the employee who inadvertently sent the email received additional training on keeping electronic files protected to avoid a reoccurrence. Every Veteran whose name was in the email attachment will receive a letter of notification and, where appropriate, an offer of credit monitoring for one year at no charge as well.
This was a reminder that human error breaches continue to be a major issue in healthcare. The best way organizations can respond to these types of incidents is beefing up security training and letting users and staff members know the importance of protecting patient data.