On August 17, the Department of Public Safety (DPS) of South Dakota sent out breach notifications to patients exposed by a June 19 data breach. The patient data breach is currently under investigation by the FBI. More details about the patient data breach is discussed below.
COVID-19 Patient Data Breach
DPS Fusion Center, the database used to store and share COVID-19 patients’ names and addresses with local law enforcement, was subject to a data breach. DPS sent out breach notification letters to affected patients stating that their names, addresses, dates of birth, and COVID-19 statuses may have been affected by the patient data breach.
The purpose of the database was to create an online portal to increase the safety of first responders. To access the data, first responders would call a dispatcher before responding to a house call to determine whether or not someone in the house had tested positive for COVID-19.
Why Compliancy Group
HIPAA Compliance is an important part of your business, so why not use someone you can trust? Compliancy Group is the only compliance firm to be listed on both Inc. 2020 Best Places to Work and 2020 Inc. 5000 list of the fastest-growing private companies in America. By working with us, you are welcomed into the safety of our family.
DPS claims that the data was only available to “a select number of South Dakota officials who received both training in handling the data and an individual password for accessing it,” and that protected health information (PHI) could not be accessed outside of the portal. However, the third-party software developer added labels to patient files that could easily identify a patient’s COVID-19 status outside the system.
One woman affected by the patient data breach shared her letter with a local news organization, which can be viewed below.
The news organization also interviewed the patient, during the interview she stated, “They didn’t tell us that they were using our information, that the Department of Public Safety was using our information in the first place. And now they’re telling us that the whole system they were using was breached and my information has been compromised. I just feel like it’s added stress to an already delicate situation.”