HHS under fire for delayed data breach report

Nearly five million people may have had their sensitive information compromised after a personal laptop was taken from a federal building in Washington state in February, but the breach wasn't reported until late March, prompting Congress members to question the breach response actions taken by HHS, reports The Associated Press.

Burglars reportedly broke into the Office of Child Support Enforcement in Olympia, Wash., and stole hard drives and a personal laptop. The hard drives may have contained up to 5 million names and Social Security numbers, according to the report.

The House government oversight panel sent a letter to HHS Secretary Sylvia Burwell asking for more information surrounding the theft.

In a statement to The Associated Press, Jason Chaffetz (R-Utah), chairman of the oversight committee, said, "HHS hasn't been forthcoming about this incident, so it's unclear who or what is at risk."

In the letter, the oversight committee also asked why HHS waited nearly two months to notify Congress about the data breach, saying the Federal Information Security Management act requires parties to notify Congress within one week of such an incident, according to the report.

A spokeswoman for HHS said the agency complied with the reporting requirements, notifying Congress within the week. The agency said it is still determining how much personal information may be compromised or exposed, according to the report.

Two individuals have been arrested in connection with the burglary, according to the report.

More articles on data breaches:

Northgate Medical experiences internal data breach: 3 things to know
3 ways to manage data breach exposure
Vidant Health notifies 900 patients of data breach, the system's 2nd since February

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers