Mental health agency breached over the past four years

Since June 2014, staff at Polk County Health Services in Des Moines, Iowa, were unaware that a data breach was causing the organization to disseminate protected health information of 1,071 patients who were being served at the organization’s crisis observation center.

In a statement, Polk County did not explain how the organization failed to know patient information was being electronically released or where the information was being sent. The county investigated the breach and determined the types of information disclosed as well as the recipients of the data.

Polk County Health Services declined to provide further details or issue any other statement about the data breach.

Compromised data included patient name, home address, date of admission to the crisis center, discharge location, Social Security Number and Medicaid identification number. The county notes in the statement that it does not have evidence that information was improperly used.

The organization, which serves 9,000 patients annually who suffer from mental illness or other developmental disabilities, is offering affected individuals a year of credit monitoring services.

“To protect against further breaches, Polk County Health Services, with assistance from Polk County, Iowa, has added computer security protections and protocols and has educated Polk County Health Service’s workforce about the importance of maintaining health privacy,” the organization says.

In addition to offering credit protection, Polk County also gave affected individuals guidance on protecting their personal information, including the need to register a fraud alert with credit bureaus.
