Ohio agency accidentally exposes personal data of disabled – twice
Alan Johnson reports:
Personal and sensitive medical information on 200 developmentally disabled Ohioans was accidentally posted twice on a state computer network in the past 10 days.
Officials with the Ohio Department of Developmental Disabilities said yesterday that the incident was not a “data breach” because the general public never had access to the information.
Nevertheless, the agency is contacting all 200 clients to inform them of the incident and share how to protect themselves in case of data theft.
In addition, about 200 service providers who were using the state network at the time are being told that they “must destroy anything they may have picked up” during the June 28 and July 6 incidents.[…]
On that day, what was described as a testing accident allowed clients’ names, addresses, Social Security numbers, protected medical data and treatment plans to be visible for about an hour to users of the online Payment Authorization for Waiver Services system.
Certified providers of developmental disability services can view their clients’ data but are not supposed to see information about clients of other providers.
The second accident occurred July 6 when information was exposed for a little more than a half-hour, Powell said.
Read more in the Columbus Dispatch.