The North Carolina Department of Health and Human Services (DHHS) is notifying 1,615 individuals that an employee inadvertently sent an email containing personal information without first encrypting it.
How many victims? 1,615.
What type of personal information? Names, Medicaid identification numbers (MID), provider names and provider ID numbers, and other information related to Medicaid services.
What happened? A North Carolina DHHS employee inadvertently sent an email containing the personal information without first encrypting it.
What was the response? The staff member immediately realized the error and notified the DHHS Privacy and Security Office. DHHS is reminding staff to encrypt emails containing confidential information prior to sending, and is also exploring technology that will encrypt emails automatically to avoid human error in the future. All affected individuals are being notified.
Details: The issue involved a North Carolina DHHS employee inadvertently sending an email to the Granville County Health Department without first encrypting it. A spreadsheet containing information relating to individual Medicaid recipients was attached to the email. The email was sent on Aug. 19.
Quote: “DHHS cannot determine for certain that the email was not intercepted during transmission over the Internet, but has no reason to believe any information was compromised,” a notification said.
Source: A correspondence with a North Carolina DHHS spokesperson; us4.campaign-archive2.com, “NC DHHS Notice,” Oct. 16, 2015.