Alleged breach exposes data of Special Operations Command healthcare workers

An alleged breach unveiled the sensitive information of healthcare employees working for the U.S. Special Operations Command, according to BBC.

The data contained workers' names, addresses, email addresses, phone numbers, resumes, salary information and Social Security numbers, according to the Tampa Bay Times. It was found online by Chris Vickery, a researcher from security company MacKeeper, who wrote about it in a blog post.

The affected healthcare workers are employed by Woodbridge, Va.-based Potomac Healthcare Solutions, which provides employees for SOCom's Preservation of Force and Family program. Potomac is a subcontractor with McLean, Va.-based Booz Allen Hamilton, which contracted with SOCom in 2013 to run the Preservation of Force and Family program. The program provides commandos and their families with mental, physical and spiritual care.

Potomac is aware of the incident and said there is no evidence the data has been compromised. "The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns," the company said, according to the Tampa Bay Times.

A spokesman for Booz Allen Hamilton issued a similar comment. "We take any allegations of a data breach very seriously, including those from our subcontractors," spokesman James Fisher told the Tampa Bay Times. "We are looking into this alleged event."

Update: On Jan. 5, Potomac Healthcare Solutions emailed Becker's Hospital Review a statement claiming its investigation "has confirmed that the impacted server did not contain any classified government information or protected medical or personal data related to active duty military personnel or their families" but that the server "did contain files with data of a limited number of current and former Potomac employees' personal information." The organization added that it has "no evidence to suggest that any employee information has been used inappropriately." The full statement from Potomac Healthcare Solutions is below.

"As a follow-up to the initial communication on this issue, Potomac Healthcare Solutions, with support from an external forensic IT firm, has completed its investigation of a security incident involving the unauthorized access of one of our internal servers.

"Despite earlier media reports, our review, which was immediately initiated after the initial questions were raised, has confirmed that the impacted server did not contain any classified government information or protected medical or personal data related to active duty military personnel or their families. However, the affected server did contain files with data of a limited number of current and former Potomac employees' personal information.

"While we have no evidence to suggest that any employee information has been used inappropriately, Potomac is in the process of proactively reaching out to impacted employees to provide guidance on how they can protect themselves and is offering complimentary credit monitoring and identity theft protection services to affected individuals. The privacy and security of personal information is a top priority, and we are committed to taking steps to prevent this type of incident from occurring again in the future."

More articles on health IT:
Survey: 16% of healthcare executives plan commercial blockchain solutions in 2017
Intermountain Healthcare leverages telehealth for infectious disease care
Mayo Clinic designs genomic diagnostic test for lymphoma

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months