Oklahoma City Indian Clinic Data Breach (2014)

Oklahoma City Indian Clinic recently notified 6,044 patients that their names, email addresses and clinic-specific patient numbers were compromised after the following event: On July 28, 2014, an email was sent from the clinic to 360 patients advertising an upcoming adolescent health fair. A spreadsheet containing names, email addresses and clinic-specific patient numbers of 6,044 clinic patients was inadvertently attached to the email. The sender forwarded a message and failed to remove the attachment, which was used as a worksheet to determine the recipients of the email. The patient number is used for internal clinic purposes and is not the patients social security number. The clinic became aware of the incident, and a recall message was sent the same day. The clinic also sent an email to the recipients notifying them that the spreadsheet was not intended for them and requesting that they delete it. A notification letter was sent to all patients whose names were on the spreadsheet on Aug. 18. Oklahoma City Indian Clinic understands the importance of safeguarding our patients personal information and regret that this incident occurred, said Lysa Ross, COO of OKCIC. We have notified our patients of the breach and are taking steps to prevent this from happening again. We encourage patients to call with any questions or concerns. The type of information that was released would not create potential for identity theft. However, patients may receive unwanted emails and should monitor their email accounts. Patients may call toll free 1-844-MYOKCIC Monday Friday between the hours of 8 a.m. and 5 p.m. with any questions.