Errant Email May Have Exposed 30,000 Mississippians' PHI

Ryan Black

The Mississippi State Department of Health is sending out letters warning patients of the unauthorized disclosure.

The Mississippi State Department of Health (MSDH) is warning patients that their personal information may have been put at risk by an errant email.

Names, birth dates, Social Security numbers, and lab results of more than 30,000 MSDH patients may have been contained in a single Excel spreadsheet that an employee accidentally sent outside of the organization. That information was released to J Michael Consulting, a Centers for Disease Control and Prevention contractor, on January 25th. The agency became aware of the situation 5 days later.

“Each person who mistakenly received the spreadsheet said they deleted all traces of the email from their inbox and did not share the email or what was in it,” MSDH said in a statement. It goes on to say that it’s “unlikely that the personal information was viewed by anyone,” but since the email was unprotected, there is no guarantee of that.

The Department sent out notification letters to patients who may have been was involved, but said that it did not have complete contact information for all parties and some may not receive the notice. Patients who were treated by MSDH or any of its clinics in 2017 are being urged to contact the agency if concerned, and it’s offering 1 year of free credit monitoring to everyone listed in the spreadsheet.

The incident was the 21st data breach reported to the Department of Health and Human Services’ Office for Civil Rights in March. It’s the 7th largest event out of the 67 that have been reported so far in 2018, just beating out a January hacking incident against Florida’s Agency for Health Care Administration.

Related Coverage:

After Failing to Avert Data Breach Lawsuit, CareFirst Gets Hacked Again

The MyFitnessPal Data Breach Must Resonate Beyond Its Userbase

March's Reported Data Breaches: Another 120,000 Patients at Risk (So Far)