DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Douglas County Health & Human Services notifies patients that former employee accessed their records inappropriately

Posted on December 21, 2024 by Dissent

Alex Evans reports:

Unauthorized access of HIPAA-protected information by county employee, largely flies under the radar.

Six-months after the Douglas County Department of Health and Human Services determined an employee had accessed protected personal and health information without authorization, a notice appeared on the county’s website.

That notice can be found here. Fox21 reports some additional details that they were able to obtain from the department spokesperson, but

Our questions regarding any criminal investigation into the employee’s actions were directed to the Superior Police Department.

Chief of Police, Paul Winterscheidt, confirmed an investigation into unauthorized access of HIPAA information, began June 13, 2024. The investigation found that while HIPAA-protected information was access, it was likely not disseminated beyond the employee. The county prosecutor did not peruse charges following the investigation.

Read more at Fox21. The department spokesperson informed them that notification letters had been sent to 316 people, but didn’t reveal how many people were affected for whom they do not have current addresses. Nor did the department’s notice explain why it took so long for them to discover the improper access by the employee and what role the employee was in.

DataBreaches submitted an email inquiry to the county this morning that asked some specific questions about the incident and the county’s response, but no reply has been received.  The questions asked the county:

  • how many patients, total, had their PHI accessed without authorization or legitimate purpose by the now-former employee;
  • whether the county knows what the employee’s motivation was in accessing these patients’ records;
  • why it took from August 11, 2022 to May 13, 2024 to detect or confirm the improper access;
  • whether the county had any software deployed to detect improper employee access; and
  • what the county has done in response in the way of additional security controls to prevent employee wrongdoing of this kind.

This post will be updated if a response is received. In the interim, here is the county’s website notice:

Website Notification 12.10.24 final
Category: Health DataInsider

Post navigation

← Ascension cyberattack exposed personal data of 5.6 million people
Tracker firm Hapn spilled names of thousands of GPS tracking customers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.