State agency accidentally emails health records of 3,000 seniors

Another day, another data breach. This time it's coming from Georgia's Department of Human Services Division of Aging Services. Fortunately, it doesn't appear to have been the work of hackers, but rather a big "oops "on the part of someone sending an email, according to Ravae Graham with the agency.

"The Department has identified the root cause of the issue, which involved the inadvertent disclosure of certain health diagnoses of affected program participants through an email to a contracted provider, and resolved it," wrote Graham. "No other personal information—social security numbers, Medicaid numbers, dates of birth, or contact information—was disclosed."

However, the people affected by this information breach are part of the Community Care Services Program. That program helps people at risk of nursing home placement to remain in their communities. All 3,000 victims have been notified and the department said the problem is fixed.

“While we are confident that this data breach was limited in nature and resolved almost immediately, we are obligated to ensure that our clients and the public can trust the integrity of our programs,” said Georgia’s Human Services Commissioner Robyn A. Crittenden. “We take client privacy very seriously, and it is important that the public is fully aware of this situation and aware of our efforts to prevent such an event in the future.”

To keep this from happening in the future, the agency has installed addition safeguards in its programs and they claim their staff will undergo additional training on privacy standards. 

Anyone with concerns about the data breach can contact the agency by email at (please include CCSP in the subject line) or call 1-844-MYGADHS (1-844-694-2347) and select option 4.