The Delaware health department sent a spreadsheet to four students — a document with information for a project — without realizing that the document included protected health information, according to a report from the local news radio station WDEL.
Five things to know:
1. Four seniors at the University of Delaware requested information from the Delaware Department of Health and Social Services for a project about identifying service gaps in the community. The project involved geo-mapping and the students requested information that included age range and disability status.
2. The Delaware Division of Developmental Disabilities Services emailed the requested information to students on April 9. However, the document sent also included full names, birth dates, primary diagnoses and county information, which breached HIPAA.
3. There were 350 individuals who had their personal health information exposed in the breach.
4. The students gave their presentation over a Zoom call on May 8, which the department ended as soon as they realized the presentation included the protected health data. The health department then told students to destroy files and emails used during the project that included the protected information.
5. The department said it addressed the individual responsible for sending the PHI to the students "administratively."
More articles on cybersecurity:
Moffitt Cancer Center CISO to chair FCC's new hospital robocalls protection group
Microsoft sues to halt COVID-19 hackers
California health system reports 4 employee emails hacked since April