DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Douglas County Health & Human Services notifies patients that former employee accessed their records inappropriately

Posted on December 21, 2024 by Dissent

Alex Evans reports:

Unauthorized access of HIPAA-protected information by county employee, largely flies under the radar.

Six-months after the Douglas County Department of Health and Human Services determined an employee had accessed protected personal and health information without authorization, a notice appeared on the county’s website.

That notice can be found here. Fox21 reports some additional details that they were able to obtain from the department spokesperson, but

Our questions regarding any criminal investigation into the employee’s actions were directed to the Superior Police Department.

Chief of Police, Paul Winterscheidt, confirmed an investigation into unauthorized access of HIPAA information, began June 13, 2024. The investigation found that while HIPAA-protected information was access, it was likely not disseminated beyond the employee. The county prosecutor did not peruse charges following the investigation.

Read more at Fox21. The department spokesperson informed them that notification letters had been sent to 316 people, but didn’t reveal how many people were affected for whom they do not have current addresses. Nor did the department’s notice explain why it took so long for them to discover the improper access by the employee and what role the employee was in.

DataBreaches submitted an email inquiry to the county this morning that asked some specific questions about the incident and the county’s response, but no reply has been received.  The questions asked the county:

  • how many patients, total, had their PHI accessed without authorization or legitimate purpose by the now-former employee;
  • whether the county knows what the employee’s motivation was in accessing these patients’ records;
  • why it took from August 11, 2022 to May 13, 2024 to detect or confirm the improper access;
  • whether the county had any software deployed to detect improper employee access; and
  • what the county has done in response in the way of additional security controls to prevent employee wrongdoing of this kind.

This post will be updated if a response is received. In the interim, here is the county’s website notice:

Website Notification 12.10.24 final
Category: Health DataInsider

Post navigation

← Ascension cyberattack exposed personal data of 5.6 million people
Tracker firm Hapn spilled names of thousands of GPS tracking customers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.