- The firm has been blamed for sending multiple letters addressed to different victims to other patients.
- Apart from mailing issue, the firm has also been alleged for delaying its response.
Inmediata Health Group has come under fire for improper handling of its breach notification process. The firm has been blamed for sending multiple letters addressed to different victims to other patients.
In January 2019, the officials of the healthcare firm discovered a data breach that impacted 1,565,338 patients. The incident occurred due to its misconfigured website. Upon discovery, the webpage was deactivated and a thorough investigation was performed.
During the investigation, it was found that the personal data of several patients were compromised. The compromised data included names, addresses, dates of birth, gender and medical claims. For some, Social Security numbers were also potentially breached.
In a bid to alert its patients, it started sending emails that explained the issue. However, the health administrator made severe mailing mistakes during the process.
What’s the error?
According to the patients, they received multiple letters, some of which were addressed to other patients. In one instance, one victim received two letters - one addressed to them and the other addressed to another patient.
In another instance, a victim received five letters, two of which were addressed to them, but the other three were meant for three different people.
Apart from mailing issue, the firm has also been alleged for delaying its response. According to HIPAA’s 60-day breach notification rule, the firm was supposed to inform its patients in March. However, it only did in April 2019.