Wyoming hospital hit with email data breach

Geisinger Health System recently warned 2,900 patients they may have been victims of a data breach when a Geisinger Wyoming Valley Medical Center doctor emailed protected health information to his personal account.

Gastroenterologist David Shaefer emailed himself the data without first encrypting it. Exposed data included patient names, medical record numbers, procedures, indications and physicians' notes on provided care. However, financial information that would leave patients vulnerable to identity theft was not included, Geisinger Health System said in a statement.

Geisinger privacy officer John Gildersleeve said Shaefer authorized his email provider to delete the information from his account and its servers. Shaefer also deleted the information from his home computer.

The security steps were taken despite the probability that information was only viewed by Shaefer, according to Gildersleeve.

According to a recent report from network management solutions vendor Ipswitch, the use of personal email accounts is a growing concern for data loss among chief information officers. The company's poll revealed 40 percent of IT executives routinely send confidential information through personal email to avoid their company's audit trails. Another 25 percent email themselves sensitive data with the intention of using it at a future job.