Unsecured email puts PHI of 1,310 at risk

Laura Pedulli | | Health Exec | Cybersecurity

CaroMont Health in Gastonia, N.C., has notified 1,310 patients of the security compromise of their protected health information (PHI). A routine information security systems audit revealed that an unsecure email—sent to a trust source outside the organization—was the source of the security lapse, according to a statement released by CaroMont and published by the Charlotte Observer.

“Upon discovery of this issue, CaroMont Health conducted a thorough investigation and determined that a staff member emailed the information as part of an approved patient care coordination process (which is an approved release of information under HIPAA) but failed to properly secure the email transmission in accordance with CaroMont’s secure email usage policy,” according to the statement.

PHI disclosed included name, date of birth, address, telephone number, medical record number, diagnosis, last data of service, medications and insurance company names. Of the 1,310 patients, the Medicare numbers for two patients were included.

There is no evidence that anyone except the intended recipient intercepted the message thus an immediate risk to health and financial information is low, according to CaroMont. As a result of the breach, the organization said it will re-train staff on privacy and security protocol in accordance with its Notice of Privacy Practices.

Laura Pedulli

Related Content

Dental chain involved in ransomware coverup fined $350K
FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Data breach at chain of clinics impacts 450K patients
Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web
Cryo-frozen tissue manufacturer suffers cyberattack

Around the web

Cardiovascular Business
Reimbursement update: What hospitals need to know about new Medicare payments for cardiac CT

CMS finalized a significant policy change when it increased the Medicare payments hospitals receive for performing CCTA exams. What, exactly, does the update mean for cardiologists, billing specialists and other hospital employees?

Cardiovascular Business
Stryker acquires Inari Medical for $4.9B

Stryker, a global medtech company based out of Michigan, has kicked off 2025 with a bit of excitement. The company says Inari’s peripheral vascular portfolio is highly complementary to its own neurovascular portfolio.

Radiology Business
The biggest obstacles facing radiology business managers in 2025

RBMA President Peter Moffatt discusses declining reimbursement rates, recruiting challenges and the role of artificial intelligence in transforming the industry.