Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.

Inability to use BCC Leaks HIV Positive Status of 780 Patients

posted by martyb on Thursday September 03 2015, @12:22PM   Printer-friendly
from the must-not-have-used-gmail dept.

cafebabe writes:

The BBC News reports that:

The 56 Dean Street clinic in London's Soho sent out the names and email addresses of 780 patients when a newsletter was issued to people who attend the clinic. Patients were supposed to be blind-copied into the email but instead details were sent as a group email.

From an interview with one patient:

One man, a 40-year-old public sector worker, has been HIV positive for 13 years and has been using the Dean Street clinic for five. He said: "I felt sick when I realised what had happened. I first saw the email at work but ignored it as I was busy. I then looked at it when I was on the way home from work. I couldn't breathe. I'm concerned who will get this information. If it ends up in the hands of the wrong people, such as hate groups, it could be dynamite."

Further:

Fellow patient James ... said: "I was travelling back from the pride parade in Manchester on Monday when I received this email. I couldn't believe it when I got it and I've been full of worry since. I am not ready to disclose my HIV status to my wider friends or family. I fear now that I have no choice."

Finally, a friend informs me that a breach of privacy at another clinic may be widely reported within the next few days.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Inability to use BCC Leaks HIV Positive Status of 780 Patients | Log In/Create an Account | Top | 43 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by Anonymous Coward on Friday September 04 2015, @07:21AM

    by Anonymous Coward on Friday September 04 2015, @07:21AM (#232156)

    I thought this was a tech site. Yet I've reached the bottom without seeing a single person ask why the f were they using an e-mail client for something that should have used an actual mailing list?

    Mailing list software doesn't have a BCC field. It uses the SMTP envelope, and ignores the headers (or puts its own address in the To header, to please spam filters). Technically, the end result is the same as using the BCC field, with the exception that there is no option to put stuff in the wrong field, because there is no fields.

    Outlook should not be used for mailing lists. Mailing list software should.

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Total Score:   2  

  • (Score: 2) by cafebabe on Monday September 14 2015, @08:52AM

    by cafebabe (894) on Monday September 14 2015, @08:52AM (#236171) Journal

    I considered outsourcing but unless every recipient agrees to every change of outsourcer, that would be the equivalent of a HIPAA violation. There's also a Euro-socialist attitude against "You can only receive a digital copy of our public-sector mailing list if you agree to receive it via our preferential private-sector provider (who double-dib-dib, cub-scout's-honor, absolutely swears to us that they hold your personal information securely)."

    I hadn't considered desktop mailing list software but they very probably have a standardized, locked-down desktop - and the last thing you want to do is give these clowns *more* ability to send data outside of their organization.

    --
    1702845791×2