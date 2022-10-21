DOVER, Del. - The Delaware Division of Developmental Disabilities Services (DDDS) has announced that they have been effected by a data breach.
According to DDDS, their staff discovered in August that while creating new accounts in their database, they provided access to 7074 individuals' records. They say that because of this, 159 new users had access to DDDS service recipients' personal identifiable information and protected health information, as well as potential access to even more detailed information.
DDDS says that they were able to conduct a forensic analysis through their database software vendor, which determined how many users accessed the private information.
According to DDDS, the investigation showed that only 12 records were actively looked at, but certain personal identifiable information and protected health information shows up passively, without the user actually clicking the record. DDDS says that the forensic analysis can not show who may have found out personal information that way.
After consultation with their software vendor, DDDS says they are tightening security and protection of the personal health information of its service recipients. They have:
- Reviewed and reinforced its Health Insurance Portability and Accountability Act (HIPAA)-related policies and procedures.
- Established new guidelines for the creation of user accounts and a tightened approval process for accessing records.
- Worked with its vendor to institute technology checks on providing access.
DDDS says they will take the lessons learned from this into the design and implementation of their new client data management system that they will transition to in 2023.
As required by HIPAA and state law, the DDDS says they have reported this breach to the U.S. Department of Health and Human Services and to the Delaware Department of Justice.
DDDS says they they have started a call center staffed by a contracted company specifically to answer any questions about the data breach. They say that the people at the call center know all the details about the breach and can answer and questions or concerns that people may have. DDDS says they will also be offering a year of free access to credit monitoring for everyone impacted.
According to DDDS, the call center can be reached at 1-833-875-0644 Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding U.S. holidays.
The Division says information will also be posted on the Delaware Department of Health and Social Services website at: https://dhss.delaware.gov/dhss/ and the division’s website: https://dhss.delaware.gov/dhss/ddds/.
DDDS says they will be sending letters to those effected.