Approximately 3,000 clients of the Community Care Services Program in Georgia are being notified that the Division of Aging Services inadvertently emailed their personal data to a contracted provider that was not authorized to view the information.
How many victims? Approximately 3,000.
What type of personal information? Names, regions, and certain health diagnoses.
What happened? The Division of Aging Services inadvertently emailed the personal data of clients in the Community Care Services Program to a contracted provider that was not authorized to view the information.
What was the response? The recipients of the email deleted it without accessing its contents. Additional safeguards have been installed in Division of Aging Services programs, and staff will be undergoing additional training on privacy standards. Affected clients have been notified.
Details: An encrypted email containing the personal information was inadvertently sent to the Fuqua Center for Late-Life Depression at Emory University on June 8. The incident was discovered on June 9. Two of the three recipients deleted the email on June 10 and the third deleted it on June 11.
Quote: “While we are confident that this data breach was limited in nature and resolved almost immediately, we are obligated to ensure that our clients and the public can trust the integrity of our programs,” Robyn Crittenden, Georgia's human services commissioner, said in a press release.
Source: a Monday email correspondence with a Community Care Services Program spokesperson; aging.dhs.georgia.gov, “Division of Aging Services notifies 3,000 clients of data breach,” July 24, 2015; aging.dhs.georgia.gov, “FAQ: CCSP Data Breach,” July 24, 2015.