UofL Health, based in Louisville, Kentucky, has notified more than 40,000 patients of an error that exposed their personal health information. The healthcare system consists of four medical centers, five hospitals, 200 physician practices, 700 providers, the Frazier Rehab Institute, and the Brown Cancer Center. Earlier this month, an email security incident involving the unauthorized disclosure of data belonging to 42,465 individuals occurred when patient information was emailed to the wrong address outside of the health system’s network. According to UofL Health, the actual recipient of the data did not view or access patient information.
However, the incident did put patients’ personal health information at risk due to the error. The healthcare system did not disclose what was contained within the email. UofL Health posted a notice to its website explaining that it had notified impacted patients after it realized that emails containing health information were sent to an external domain. The email has since been deleted by the recipient and the safety of the data was investigated. Patients affected by the incident have been offered free identity protection services.