On three separate dates — Feb. 16, Feb. 24 and Feb. 25 — emails were sent to a list of individuals eligible for vaccines. The email addresses of each registrant were entered into the “to” line of the message, which allowed each recipient to view the addresses of other registrants, according to the report.
The department said the only data exposed were registrants’ emails and the fact they were eligible for the vaccine. The health department’s privacy officer identified the two employees responsible for the error and concluded that the breach was unintentional.
The two employees have been retrained to avoid future breach incidents and the department also updated its Microsoft Outlook software to increase the visibility of the blind carbon copy option to help prevent similar errors.
More articles on cybersecurity:
Utah COVID-19 testing company stored data on public server, exposing 52,000 patients’ info
American Medical Collection Agency reaches 40-state settlement for data breach that exposed 21 million patients’ info
39,000 affected in Texas medical lab email hack