DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Delaware Division of Public Health Announces Data Breach Incident Involving COVID-19 Results

Posted on November 15, 2020 by Dissent

DOVER (Nov. 15, 2020) – The Delaware Division of Public Health (DPH) is announcing today that it is mailing letters to individuals who were impacted by a recent data breach incident and is providing information to the public regarding the incident.

On September 16, 2020, the Department of Health and Social Services (DHSS) discovered that a Division of Public Health temporary staff member mistakenly sent two unencrypted emails, one on August 13, 2020, and one on August 20, 2020, to an unauthorized user. These emails contained COVID-19 test results for approximately 10,000 individuals. The August 13, 2020 email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020 email included test results for individuals tested on August 15, 2020. The emails were meant for internal distribution to call center staff who assist individuals in obtaining their test results.

The emails were sent, mistakenly, to only one unauthorized user. This individual alerted the Division of Public Health of the inadvertent receipt of emails. They reported deleting the emails, and the files attached to them. Currently, there is no evidence to suggest that there has been any attempt to misuse any of the information.

The files that were mistakenly released to an unauthorized user contained the following information related to COVID-19 test results: the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result. No financial information was released.

A thorough investigation of the incident was conducted. The Division of Public Health has reviewed and reinforced its Health Insurance Portability and Accountability Act (HIPAA)-related policies and procedures. Division staff were retrained in HIPAA, and additional HIPAA training policies were put in place for temporary staff. The temporary staff member is no longer employed with the Division of Public Health.

As required by HIPAA, the Delaware Division of Public Health has reported this breach to the U.S. Department of Health and Human Services and to the Delaware Department of Justice, as required by state law.

The Division of Public Health is also establishing a dedicated call center, separate from its COVID-19 call center and independently staffed by a contracted company, to answer any questions about this incident. Call center representatives have been fully versed on the incident and can answer questions or concerns individuals may have regarding protection of their personal information.

The call center, which will be operational beginning Monday, November 16, can be reached at 1-833-791-1663 Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding U.S. holidays.

Information will also be posted on the Delaware Department of Health and Social Services website at: https://dhss.delaware.gov/dhss/.

###

 

Category: Government SectorHealth Data

Post navigation

← Consumer Watchdog Hacks A Tesla to Prove Dangers of Wirelessly Connected Cars
Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.