After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to another individual.
The breach was about Inmediata’s webpage that was configured by mistake to permit search engine indexing. Consequently, any person searching online could discover the webpage and view the protected information of Inmediata clients’ patients.
Even though forensic investigators did not present any proof of unauthorized access of the webpage when it was open to the public, its probability cannot be absolutely ruled out.
The information on the webpage that could have been viewed includes patients’ names, birth dates of birth, addresses, gender, names of physician and medical claim data. Some Social Security numbers were likewise exposed.
Inmediata started sending notification letters to individuals affected by the breach on April 22, 2019. However there was an error in the letters sent. Several folks reported receiving notification letters having the wrong addressee.
As per Michigan’s Consumer Protection Division, two state residents reported receiving misaddressed letters. Databreaches.net obtained a few similar consumer reports.
This type of error probably transpired as a result of people relocating or getting married and not updating their information. Some feedback suggest that the data was retained for some time. For instance, several letters were mailed to women using their maiden name. In one instance, the addressee’s last name was used 25 years ago.
Only the names were exposed in the misaddressed letters so it is unlikely that the mailing error will result to harm on patients. However, the error means that some individuals never received the notification letters and are not informed regarding their PHI exposure. For that reason, they are not prepared to secure their personal identities.
Director Anita G. Fox of the Department of Insurance and Financial Services (DIFS) and Michigan Attorney General Dana Nessel gave information as to how the people affected by the breach can secure their identity against theft and fraud. Many people who received the breach notification letters became puzzled concerning Inmediata and why it has their information.
There should have been more explanation about Inmediata to avoid the confusion. Updates about the mailing error will be published again when available.