Wisconsin Department of Health Services, Detroit Health Department, and Zomo Health Report Data Breaches

Wisconsin Department of Health Services Reports Accidental Disclosure of PHI via Email

The Wisconsin Department of Health Services (DHS) has just reported that there was an accidental disclosure of protected health information (PHI) through its email. Based on the breach notice, in April 2021, the DHS Children’s Long-Term Support Council received a presentation through email that held protected health information. The presentation was afterward given by the Council to workers working for particular county government agencies. The presentation was published on the DHS website as part of the meeting minutes.

The mistake was discovered on August 8, 2022, and the file was deleted from the meeting minutes and changed to a file that did not allow access to PHI. Steps were additionally done to retrieve all distributed presentation copies. The presentation held the following types of information: first and last names, gender, date of birth, county location, Wisconsin Medicaid member ID number, and Social Security Number of affected Wisconsin Medicaid members.

DHS stated that the breach impacted 12,358 members of Wisconsin Medicaid. The affected individuals have already received notification and an offer of complimentary memberships to a credit monitoring service for 12 months.

Detroit Health Department Announces Unauthorized Exposure of PHI to Third Party

The Detroit Health Department (DHD) has lately announced the unauthorized exposure of clients’ PHI. As per the breach notification, on May 12, 2022, DHD found out that its office had an unauthorized disclosure of data to a third party. The information compromised included names, gender, race, dates of birth, addresses, contact details, marital status, household size, and participation status in some Detroit Health Department programs. DHD mentioned the breach didn’t impact all DHD clients, however, it is still uncertain precisely how many people were impacted. Those persons are now being informed via mail and were instructed on the steps that they may take to be safe against identity theft and fraud.

Zomo Health Reports the Exposure of Plan Member Information Over the Internet

Zomo Health based in Houston, TX, a company offering health management services, just reported that a spreadsheet that contains plan member details was exposed online. On August 5, 2022, Zomo Health found out that anyone can access a spreadsheet on its website. The company immediately blocked access to the spreadsheet. The investigation confirmed that the spreadsheet became accessible starting on January 15, 2022 because of human error. The spreadsheet lists the PHI of 1,359 persons which includes plan member names, birth dates, Social Security numbers, health plan names, email addresses, work addresses, telephone numbers, and data about involvement in health plan incentives.

Zomo Health stated it has remediated the process vulnerability that resulted in the exposure of the spreadsheet. A third-party security organization was hired to evaluate the safety of its technology systems on a continuing basis and improve its security settings. Impacted persons were informed on September 29, 2022.