Breach, Data Security

North Carolina DHHS notifies individuals of email incident

The North Carolina Department of Health and Human Services (DHHS) is notifying 1,615 individuals that an employee inadvertently sent an email containing personal information without first encrypting it.

How many victims? 1,615.

What type of personal information? Names, Medicaid identification numbers (MID), provider names and provider ID numbers, and other information related to Medicaid services.

What happened? A North Carolina DHHS employee inadvertently sent an email containing the personal information without first encrypting it.

What was the response? The staff member immediately realized the error and notified the DHHS Privacy and Security Office. DHHS is reminding staff to encrypt emails containing confidential information prior to sending, and is also exploring technology that will encrypt emails automatically to avoid human error in the future. All affected individuals are being notified.

Details: The issue involved a North Carolina DHHS employee inadvertently sending an email to the Granville County Health Department without first encrypting it. A spreadsheet containing information relating to individual Medicaid recipients was attached to the email. The email was sent on Aug. 19.

Quote: “DHHS cannot determine for certain that the email was not intercepted during transmission over the Internet, but has no reason to believe any information was compromised,” a notification said.

Source: A correspondence with a North Carolina DHHS spokesperson; us4.campaign-archive2.com, “NC DHHS Notice,” Oct. 16, 2015.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.