Email sender forgets to blind carbon copy recipients

Apr 6, 2015 16:32 GMT  ·  By

Protected health information of 845 patients of Visalia and Farmersville clinics in California may be at risk, the Tulare County Health and Human Services Agency (HHSA) informs.

Responsible for the blunder is an employee, who did not add the recipients of an email to the blind carbon copy field. As a result, all recipients could see who else received the notification.

Patients need to register for new accounts

The message was clearly medical in nature and it concerned all 845 patients, thus establishing common ground for all of them.

According to a disclosure letter published on Friday by the health organization, the message was delivered on March 19, and it did not contain any health-related information.

To mitigate any risks that may arise from this slip-up, the Patient Portal accounts belonging to affected individuals have been disabled; access to them is based on an email address and a given PIN code.

“HHSA has not received any indication that the information in the email has been accessed or used by unauthorized parties,” the letter reads.

The document also informs that the impacted patients should have already received the notification.

Active email addresses are very useful for phishing scams

They can contact the agency for more details by phone at (800) 834-7121 anytime between 8:30 a.m. and 5:30 p.m., Monday through Thursday, and 8:00 a.m. until noon on Fridays. Concerns via email can be directed to [email protected].

As a precaution, HHSA encourages the patients to change their email addresses and the PIN code before re-registering for a new account.

Email addresses, especially active ones, are particularly important to cybercriminals, as they can deliver spam or even attempt phishing scams.

The name of the potential victim, or any other information about them, can turn an easy-to-spot phishing attempt into a legitimate-looking message.