Dive Brief:
- Anthem Blue Cross sent out emails to California residents that included personal information in the subject line, including demographic details and tests that the insurer recommended to the individual, reports the New York Times.
- For example, one woman received an email with the following subject line: "Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N."
- "This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem," the recipient wrote to a reporter. A spokesperson for Anthem said that the insurer is investigating the situation.
Dive Insight:
This kind of unfortunate accident is exactly why hospitals and other providers are eschewing email in favor of more secure means of patient communication.
"Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider," said Stanford data security and privacy expert Jonathan Mayer.
In California, the first state to enact a notification law, businesses must notify residents within a reasonable period of time if their unencrypted personal information has been involved in a security breach. It is unclear at this time whether the incident will require a breach notification.