An unencrypted email resulted in potential health information data breach for over 500 patients in North Carolina. The North Carolina Department of Health and Human Services (DHHS) has experienced a health data breach second time due to an unencrypted email. Earlier, the incident involved the health data breach of 524 state Medicaid patients.
DHHS mentioned that the email that compromised the information was sent to the correct recipient but was unencrypted which is against the policy. Affected information includes Medicaid patients, including patient names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information, provider names, Social Security numbers, and dates of birth.
Unencrypted email and data breach
DHHS has plans to overhaul the email encryption process by updating email software. The said software will block any email containing patient information from being sent until the information has been encrypted. DHHS believes that software eliminates the risk of human error.
“We take very seriously our responsibility to secure the personal information entrusted to us,” said Dave Richard, DHHS deputy secretary in charge of Medicaid. “This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow.”
DHHS also suffered health data security issues back in 2014. DHHS officials believes that it was the agency’s responsibility to protect patient information.
“I deeply apologize for the impact that this has caused to the citizens of the state,” DHHS secretary Aldona Wos explained at the time. “First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care … in a protected and secure environment.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.