Employee Errors Expose PHI, PII, Social Security Numbers
Both the Illinois Department of Corrections and the Colorado Office of Information Technology recently released personal information by mistake.
The Illinois Department of Corrections (IDOC) and the Colorado Office of Information Technology (OIT) both recently announced data breaches resulting from employee error.
On August 14, 2015, IDOC determined that the names, job titles, salaries and Social Security numbers of more than 1,000 employees were mistakenly included in a response to a Freedom of Information Act (FOIA) request, the Chicago Tribune reports.
The person who received the information forwarded it to an inmate without realizing it contained personal information. His account was verified via a polygraph test, according to the Tribune.
The data was found by prison mailroom staff during an inspection of incoming mail, and the documents were "immediately secured in the facility vault," IDOC said in a statement.
According to IDOC, the release of personal information was the result of human error. The department says it's conducting a full audit of its FOIA unit, and is improving its procedures to prevent a recurrance.
All employees whose personal information was included in the document are being offered access to credit monitoring services.
Similarly, Colorado's OIT recently announced that a technical error caused approximately 3,000 letters to be sent to the wrong address between May 25 and July 5 of 2015.
According to the OIT, 1,622 of the letters were intended for Medicaid recipients and contained personal health information, and 1,069 were intended for Colorado Department of Human Services (CDHS) clients and included Social Security numbers. Another 353 CDHS letters included personally identifiable information such as names, addresses and state identification numbers.
All those affected are being offered access to credit monitoring services.
"The error occurred during a technical code change made by a vendor in late May which impacted fields of information in an unanticipated manner," OIT said in a statement. "The initial problem was reported to OIT on July 1. After determining the problem was wider spread, a fix was put into place July 5."
"While the fix corrected the problem, OIT and its vendor have put in additional quality checks to ensure such a situation does not occur again," the statement adds. "The first verifies that the names printed on letters match the individuals linked to a case; the second verifies that the address matches the intended address for the communication. If either check fails, the letter is not mailed."
"We are stewards of people’s personal information and we take that responsibility very seriously," Colorado CIO Suma Nallapati said in a statement. "We are doing everything possible to ensure this does not happen again."
Photo courtesy of Shutterstock.