Nordic Consulting Partners email gaffe exposes PHI
External counsel for Nordic Consulting Partners has notified the NH Attorney General’s Office of a breach:
This Firm represents Nordic Consulting Partners, Inc. (“Nordic”) in connection with a situation where an email with the wrong attachment was inadvertently sent out to current and former Nordic employees. The attachment contained the personal information of the recipients of the email as well as their dependents.
On July 21, 2016, a Human Resources employee sent an email to current and former Nordic employees affected by a different data breach to remind them to sign-up for identity theft protection and credit monitoring services with Experian. This employee inadvertently attached a spreadsheet containing the names, addresses, dates of birth, social security numbers, and the names of insurance plans of some of Nordic’s employees and their dependents, who were on Nordic’s health insurance in 2015. Shortly after sending the email and attachment, the error was caught and Nordic’s Information Technology department employed a tool to recall the message and delete it from recipients’ inboxes within Nordic’s domain. For those with non-Nordic email accounts to whom it was sent, Nordic has reached individually to confirm a hard deletion of this e-mail.