Stephenville Medical & Surgical Clinic Data Breach (2016)

Stephenville Medical & Surgical Clinic has disclosed that it was involved in a data breach related to inadvertently emailing an archived list of patients to a single individual. The incident occurred May 19, when an individual requested the clinic email a blank medical record release form. Rather than emailing the blank form, an employee in the Medical Records Department mistakenly emailed a spreadsheet containing a list of former patients, most of whom had not been seen at the clinic for more than 9 years. The recipient opened the document that evening and determined it was not the form requested. The recipient immediately deleted it.