HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

South Texas Health System and Atricure Report Email Incidents

South Texas Health System has notified 6,761 individuals about an accidental disclosure of some of their protected health information. South Texas Health System provides discharge instructions after patients receive medical care in its hospitals. Part of that process involves an employee generating and emailing a monthly report that identifies patients that have been discharged from its hospital emergency departments.

South Texas Health System discovered on April 8, 2021 that an email with an attached November 2020 report was sent to an incorrect email address on April 7. Steps were taken to try to identify the recipient and get the email deleted, but that individual remains unknown and it is unclear whether the email has been opened, viewed, or deleted.

The email attachment contained a list of patients discharged from its hospital emergency departments in November 2020, which included names, internal hospital visit numbers, date and time of discharge, whether discharge instructions were provided, and information about where the patients were discharged.

The nature of the data in the report makes it unlikely that patients will suffer harm; however, out of an abundance of caution, those individuals have been offered complimentary membership to an Internet surveillance and an identity theft restoration service for 12 months.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Email Data Breach Affects Atricure Group Health Plan Members

Ohio-based Atricure has discovered an email account of one of its employees was accessed by an unauthorized individual for a short period on March 8, 2021. Upon discovery, the account was immediately secured and a third-party cybersecurity firm was engaged to assist with the investigation. The breach was confirmed as affecting a single email account, but it was not possible to tell if any emails or attachments were viewed.

An analysis of all emails and attachments in the account was completed on April 7, 2021 and revealed they contained some sensitive information of employees, beneficiaries and dependents relating to the Atricure Group Health Plan. In total, 2,487 individuals have been affected by the breach.

The types of information potentially compromised included names, addresses, dates of birth, Social Security numbers, financial account information, clinical information, and health insurance claims information. Affected individuals have been provided with complimentary credit monitoring, fraud consultation, and identity theft restoration services. Atricure has also enhanced its security protocols and has re-educated employees on email security.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.