A temporary staff member mistakenly sent two unencrypted emails with COVID-19 test results to an unauthorized user.
DOVER (DE): The Department of Health and Social Services (DHSS) have discovered that a Division of Public Health temporary staff member mistakenly sent two unencrypted emails.
According to a news release, one email was sent on August 13, 2020, and another on August 20, 2020, to an unauthorized user.
- The breech occurred on On September 16, 2020 and the emails contained COVID-19 test results for approximately 10,000 individuals.
- The August 13, 2020 email included test results for individuals tested between July 16, 2020, and August 10, 2020.
- The August 20, 2020 email included test results for individuals tested on August 15, 2020.
Officials say the emails were meant for internal distribution to call center staff who assist individuals in obtaining their test results.
The emails were sent, mistakenly, to only one unauthorized user. This individual alerted the Division of Public Health of the inadvertent receipt of emails. They reported deleting the emails, and the files attached to them. Currently, there is no evidence to suggest that there has been any attempt to misuse any of the information., officials said.
“The files that were mistakenly released to an unauthorized user contained the following information related to COVID-19 test results: the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result.,” Said DHSS spokeswoman Jennifer Brestel. “No financial information was released.”
“A thorough investigation of the incident was conducted. The Division of Public Health has reviewed and reinforced its Health Insurance Portability and Accountability Act (HIPAA)-related policies and procedures. Division staff were retrained in HIPAA, and additional HIPAA training policies were put in place for temporary staff. The temporary staff member is no longer employed with the Division of Public Health.,” Brestel said.
Brestel added, “As required by HIPAA, the Delaware Division of Public Health has reported this breach to the U.S. Department of Health and Human Services and to the Delaware Department of Justice, as required by state law.”
The Division of Public Health is also establishing a dedicated call center, separate from its COVID-19 call center and independently staffed by a contracted company, to answer any questions about this incident. Call center representatives have been fully versed on the incident and can answer questions or concerns individuals may have regarding protection of their personal information.
The call center, which will be operational beginning Monday, November 16, can be reached at 1-833-791-1663 Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding U.S. holidays.