The Indiana Department of Health is notifying nearly 750,000 residents after data from the state's COVID-19 online contact tracing survey was breached. The data breach included resident's name, address, email, gender, ethnicity and race, and date of birth.The state was notified of the breach on July 2. Last week, the state and the company that accessed the data signed a "certificate of destruction" to confirm that the data was not released to any other entity and was destroyed by the company.When the state was notified of the unauthorized access, the Indiana Office of Technology and IDOH immediately corrected a software configuration issue and requested the records that had been accessed. Those records were returned on Aug. 4."We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained," State Health Commissioner Dr. Kris Box, FACOG, said in a statement. "We will provide appropriate protections for anyone impacted."The state Department of Health will send letters to affected Hoosiers to notify them that the state will provide one year of free credit monitoring and is partnering with Experian to open a call center to answer questions from those impacted. In addition, the Indiana Office of Technology will continue its regular scans to ensure information was not transferred to another party."We take the security and integrity of our data very seriously," Tracy Barnes, chief information officer for the state, said in a statement. "The company that accessed the data is one that intentionally looks for software vulnerabilities, then reaches out to seek business. We have corrected the software configuration and will aggressively follow up to ensure no records were transferred."
The Indiana Department of Health is notifying nearly 750,000 residents after data from the state's COVID-19 online contact tracing survey was breached.
The data breach included resident's name, address, email, gender, ethnicity and race, and date of birth.
The state was notified of the breach on July 2. Last week, the state and the company that accessed the data signed a "certificate of destruction" to confirm that the data was not released to any other entity and was destroyed by the company.
When the state was notified of the unauthorized access, the Indiana Office of Technology and IDOH immediately corrected a software configuration issue and requested the records that had been accessed. Those records were returned on Aug. 4.
"We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained," State Health Commissioner Dr. Kris Box, FACOG, said in a statement. "We will provide appropriate protections for anyone impacted."
The state Department of Health will send letters to affected Hoosiers to notify them that the state will provide one year of free credit monitoring and is partnering with Experian to open a call center to answer questions from those impacted. In addition, the Indiana Office of Technology will continue its regular scans to ensure information was not transferred to another party.
"We take the security and integrity of our data very seriously," Tracy Barnes, chief information officer for the state, said in a statement. "The company that accessed the data is one that intentionally looks for software vulnerabilities, then reaches out to seek business. We have corrected the software configuration and will aggressively follow up to ensure no records were transferred."
Source link
