Healthcare company Highmark may have inadvertently leaked the personal information of around 3,675 members, due to an internal error.
A mailing error was made by a Highmark employee on April 19, who sent out health risk assessments containing personal information to the wrong members. Names, addresses, dates of birth and other assorted medical information were attached.
Highmark was notified of the breach through members, who reported receiving assessments belonging to other members, as well as their own. Once aware of the mailing aware, and severity of the situation, Highmark terminated the employee responsible.
As a measure of protection for impacted members, Highmark is replacing their unique identification numbers.
"So far, there's no evidence that any of the information that was mailed in error has been accessed or used inappropriately and Social Security numbers were not part of the mailing," said Highmark Chief Privacy Officer Lisa Martinelli.
It's surprisingly common for these types of breaches to occur, as staff are often in a prime position to breach data, whether or not it's an accident.
Identifying vulnerabilities on a regular basis is the best way for businesses to to identify potential security flaws, and whether employees have to access to systems not required for their work.