46K emails exposed in Aging Partners data breach
State health officials say they have been notified of a breach of protected health information impacting a Lincoln agency.
LINCOLN, Neb. (KLKN) — State health officials say they have been notified of a breach of protected health information impacting a Lincoln agency.
The Nebraska Department of Health and Human Services says the breach occurred within Aging Partners and was the result of a “phishing” scam.
It occurred between May 18 and May 21, and was discovered May 25, according to DHHS.
DHHS says an unauthorized individual had access to email accounts which contained over 46,000 total emails, some of which contained protected health information.
An investigation by city staff determined some HIPAA-protected information was vulnerable, and disconnected access to the at-risk emails.
According to a news release, the city contracted with a forensic company to determine the extent of the breach.
It was determined emails involving 1,513 program participants contained protected information, such as address, date of birth, phone number, social security number, date of service, type and amount of service, or other health information (i.e., medical conditions, level of care assessments, or medication lists).
DHHS says the majority of emails contained names of program participants only.
Some emails contained bank account or other financial information, and Aging Partner will pay for professional credit monitoring for those people.
Aging Partners will also reach out to those impacted by mail.
Officials advise those affected to get a free annual credit report and to monitor for suspicious activity.