Breach, Compliance Management, Data Security, Privacy

North Carolina DHHS reports second email incident in two months

The North Carolina Department of Health and Human Services (DHHS) is notifying 524 individuals that an employee inadvertently sent an email containing personal information without first encrypting it.

How many victims? 524

What type of personal information? County patient first and last names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information, provider names, Social Security numbers and dates of birth.

What happened? On Sept. 14, a North Carolina Department of Health and Human Services employee sent an unencrypted email to the Orange and Ashe counties health directors containing a spreadsheet with the personal information of 524 individuals.

What was the response? Officials have installed software that will intercept such emails and block them from being sent until the data is encrypted. Officials have notified all of the affected patient, but they don't believe any of the information was compromised. The agency has also established a hot line to address questions the victims may have.

Details: This is the second time an employee inadvertently sent an unencrypted email containing patient information. The first time was announced on Oct. 16 and the data didn't contain social security numbers or dates of births.

Quote: "We take very seriously our responsibility to secure the personal information entrusted to us," Dave Richard, DHHS deputy secretary in charge of Medicaid said in the notification. "This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow."

Source: North Carolina DHHS Notice


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.