Breach of Indiana's COVID-19 contact tracing initiative exposes 750,000

The Indiana Department of Health began notifying nearly 750,000 residents that their data from the state's COVID-19 contact tracing survey was accessed by an unauthorized user.

Five things to know:

  1. The survey data stored include information on survey respondents' names, email, addresses, birthdates and more, according to an Aug. 17 news release.

  2. Indiana was notified of the breach July 2 and worked to correct the software misconfiguration. It requested the data that had been accessed, and those records were returned to the state Aug. 4.

  3. The company that accessed the data intentionally looks for software vulnerabilities at companies to seek business partnerships with them, said Tracy Barnes, CIO for Indiana.

  4. The state and the company that accessed the data signed a "certificate of destruction" to confirm the data was not released to other entities and was destroyed by the company.

  5. The health department will send letters notifying those affected by the breach. They will be eligible for one year of free credit monitoring with Experian.
 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars