The Oklahoma Department of Human Services is notifying 47,000 clients of a data breach from 2016 in which an unauthorized source accessed their personal information, according to HHS' Office for Civil Rights Breach Portal.
However, a spokeswoman for the agency told Becker's Hospital Review 32,773 letters in total had been delivered. That's because this was the second notification letter sent about the same incident — DHS had neglected to notify HHS the first time.
An unauthorized user accessed a computer used for a state assessment at Poteau, Okla.-based Carl Albert State College in April 2016. The incident compromised names, addresses, dates of birth and Social Security numbers of current and former DHS Temporary Assistance for Needy Families clients.
The college was notified of the incident two weeks after, and it notified the Department of Homeland Security Office of Inspector General by May 2016. All affected TANF clients were initially mailed letters in August 2016. However, since DHS' responsibilities fall under HIPAA, HHS required the organization to distribute a second notice, which was mailed Nov. 30.
There has been no evidence that any data was downloaded from the college's computer server, and the college took immediate steps to secure the data as well as continue monitoring efforts after the breach.