Patient data from the Mississippi State Department of Health sent to wrong contractor

The Mississippi State Department of Health in Jackson, Mississippi, recently notified 30,799 patients of an email breach that gave a Centers for Disease Control and Prevention contractor unauthorized access to patient information, according to a press release

The contractor gained access to treatment information for patients seen at the Mississippi State Department of Health and its clinics in 2017. The breach occurred January 25 as a result of an employee emailing an Excel spreadsheet containing patients’ Social Security numbers and lab results to J. Michael Consulting. The breach was discovered five days later by Mississippi State Department of Health officials.

The email was deleted by accidental recipients, but there is a chance the email could be accessed by others as it was unprotected, states the press release. Affected patients can receive one year of free credit monitoring protection. The Mississippi State Department of Health has since increased its security to reduce potential harm to its patients.