Email snafu causes a breach at North Carolina HHS
The North Carolina Department of Health and Human Services recently notified the HHS Office for Civil Rights and about 6,000 individuals after learning of a data breach when a spreadsheet containing protected health information was sent in error to a vendor via unencrypted email.
The spreadsheet contained patient names, Social Security numbers and test results for individuals who underwent drug screenings for employment or intern or volunteer opportunities within the agency.
The department launched an investigation upon learning of the breach in late September of 2017 and worked with the vendor on the deletion and secure destruction of the information in the spreadsheet.
“While DHHS cannot determine for certain that the email was not intercepted during transmission, DHHS has determined that the risk of misuse of the personal information is low,” the organization stated in notices to local media and affected individuals.
However, the department is not offering protective services such as credit monitoring and identity theft protection, and is putting the cleanup work on the backs of affected individuals.
The department has advised those affected to put an alert on their credit files and monitor bank statements and credit card bills for unusual or unauthorized activity, giving the telephone numbers of credit bureaus Equifax, Experian and TransUnion.
DHHS officials did not respond to a request for additional information on the breach, including the reasons for not offering protective services.