UofL Health sends PHI to wrong email address: 42,000 patients affected


UofL Health in Louisville, Kentucky is the latest healthcare provider to have breached HIPAA by sending protected health information (PHI) to the wrong recipient. 

What happened?

On June 7, UofL Health started notifying over 42,000 patients of a data breach that occurred the same day. Several emails containing PHI were accidentally sent to an unauthorized recipient. 

The recipient told UofL Health the next day that the emails were never viewed or accessed and had been deleted from their network system. The unintended recipient also provided technical evidence to prove it.

UofL released a statement saying, “We are relieved that our patients’ information is not at risk as a result of this incident.” The healthcare system is offering identity protection services to affected patients as an extra precaution.

How could this have been prevented?

Human error is the most likely cause of sending sensitive emails to unauthorized individuals. While healthcare organizations may train their employees on cybersecurity, people making honest mistakes will always be a major threat to your network security.

Read more: Why investing in ongoing cybersecurity training is good business

So what can a covered entity do to ensure that emails containing PHI aren’t sent to the wrong people? One solution is to choose an email security provider that includes data loss prevention (DLP).

Email DLP is an additional technical safeguard that prevents sensitive data from being accidentally or maliciously sent to unauthorized email addresses. A good email DLP system will mitigate risks and prevent data breaches.

Paubox Email Suite Premium includes both inbound and outbound DLP. Customers configure their own rules to ensure that employees can’t send sensitive data to the wrong party or receive information they are not authorized to view. 

For example, the billing department doesn’t need Social Security numbers, so you can set up a rule that will stop an email from being sent if it contains that kind of personally identifiable information (PII).
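To make the rule above concrete, here is an added sketch of an outbound check that blocks a message containing an SSN-shaped number unless every recipient is on an allowlist. It is not Paubox's implementation; the `SSN_ALLOWED_DOMAINS` policy, the function names and the sample addresses are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# SSN-shaped number; skips ranges never issued (area 000/666/9xx,
# group 00, serial 0000) to reduce false positives on other numbers.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}(?!\d)"
)
# Hypothetical policy: only these recipient domains may receive SSNs.
SSN_ALLOWED_DOMAINS = {"hr.example.org"}

def message_text(msg):
    """Subject plus every decoded text/* part (plain and HTML)."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            try:
                chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
            except LookupError:  # unknown charset label: still scan the bytes
                chunks.append(raw.decode("latin-1"))
    return "\n".join(chunks)

def evaluate_outbound(raw_message):
    """Return ("allow" or "block", recipients that triggered the block)."""
    msg = message_from_string(raw_message)
    if not SSN_RE.search(message_text(msg)):
        return "allow", []
    fields = [v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    recipients = [addr.lower() for _, addr in getaddresses(fields) if addr]
    # Fail closed: anything not explicitly allowed (or malformed) is blocked.
    blocked = [r for r in recipients
               if r.rpartition("@")[2] not in SSN_ALLOWED_DOMAINS]
    return ("block", blocked) if blocked else ("allow", [])

# Constructed sample messages (not real data).
TO_BILLING = ("From: nurse@clinic.example.org\nTo: billing@clinic.example.org\n"
              "Subject: Account query\n\nPatient SSN is 123-45-6789.\n")
TO_HR = TO_BILLING.replace("billing@clinic.example.org", "records@hr.example.org")
NO_SSN = TO_BILLING.replace("123-45-6789", "000-12-3456")

if __name__ == "__main__":
    for name, raw in [("billing", TO_BILLING), ("hr", TO_HR), ("no-ssn", NO_SSN)]:
        print(name, evaluate_outbound(raw))
```

Pattern matching alone still flags any valid-looking nine-digit number, so a production rule would normally hold the message for review rather than silently drop it.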

Paubox allows you to send HIPAA compliant email while maintaining robust encryption and security safeguards.

Try Paubox Email Suite Premium for FREE today.

About the author

Sara Nguyen
