According to a press release today, the North Carolina Department of Health and Human services (DHHS) is notifying affected individuals of a security incident where a spreadsheet containing personal information of about 6,000 people was accidentally sent via an unencrypted email. The spreadsheet contained names, social security numbers and drug test results for those applying for employment and volunteer opportunities within the agency.
The incident took place almost 2 months ago on Sept. 27th, 2017, but information is just now being released. Although the email was removed from the recipient’s systems, there is no way to know if the private information was intercepted by a 3rd party.
Such a simple and easily avoidable mistake can have long-lasting consequences both to the individuals affected by the breach, and to the reputation of the organization involved. The spreadsheet that was leaked contained thousands of social security numbers, which would have easily been detected by the data leak prevention (DLP) engine integrated in the SecureMail Gateway™ solution. Administrators can easily set rules to block or force encryption for emails containing private information in the body or attachments of the email. Any organization that handles credit card numbers, social security numbers, or private health information (PHI) should have an outbound DLP solution in place as a simple ‘safety net’ to catch mistakes like this before they become headlines.
North Carolina Dept. of Health and Human Services (2017, November 24). DHHS Reports Data Security Incident. Retrieved from https://www.ncdhhs.gov/news/press-releases/dhhs-reports-data-security-incident
WBTV Web Staff (2017, November 24). NC DHHS: 6,000 affected after email error, security breach. Retrieved from http://www.wbtv.com/story/36919918/nc-dhhs-6000-affected-after-email-error-security-breach