Wisconsin Department of Health Services

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Wisconsin Department of Health Services Data Breach

The Wisconsin Department of Health Services (DHS) experienced a data breach that was announced on October 7, 2022. The breach was discovered during a cybersecurity incident investigation on August 8, 2022. It was found that a presentation emailed to the DHS Children’s Long-Term Support Council in April 2021 contained protected health information (PHI). This presentation was then forwarded to employees working for county government agencies in Rock and other Wisconsin counties and was also posted on the DHS website as part of the meeting minutes[1].

Information Exposed

The data potentially exposed in the breach included the first and last names, dates of birth, genders, county locations, Wisconsin Medicaid member ID numbers, and social security numbers of affected Wisconsin Medicaid members[1].

Response to the Breach

Upon discovering the breach, DHS immediately removed the meeting minutes from the website and replaced them with a PDF version that did not contain the PHI. DHS also took steps to ensure that individuals who received the minutes via email deleted the files. DHS has continued to investigate the incident and is working to prevent such incidents from occurring in the future[1].

Notifications and Support for Affected Individuals

DHS mailed notifications to 12,358 Wisconsin Medicaid members whose information may have been accessed by unauthorized individuals. These members were offered free credit monitoring for one year and access to a dedicated call center to answer any questions they might have. The call center can be reached at 833-875-0804 from 8 a.m. to 8 p.m. CT Monday through Friday[1].

Legal and Regulatory Framework

The Health Insurance Portability and Accountability Act (HIPAA) and other state privacy and security laws create rights for individuals regarding their health information privacy and establish safeguards for health information. These laws are designed to balance the need for protecting PHI with the requirements of providing patient care[2].

Other Data Breaches in Wisconsin

The data breach at DHS is one of several incidents that have affected Wisconsin residents. Other breaches have been reported by various entities, including Advocate Aurora Health, which experienced a breach impacting up to 3 million patients[6]. The Wisconsin Department of Health Services has also reported other breaches, such as an email breach affecting 12,358 individuals[7][11].

Conclusion

The Wisconsin Department of Health Services has taken steps to address the breach and support affected individuals. The incident underscores the importance of robust data protection measures and the need for ongoing vigilance to protect sensitive health information. Affected individuals are encouraged to take advantage of the credit monitoring services offered and to remain alert for any signs of identity theft or fraud.

Citations:

  1. https://www.dhs.wisconsin.gov/news/releases/100722.htm
  2. https://www.dhs.wisconsin.gov/ehealth/privacy.htm
  3. https://www.dhs.wisconsin.gov
  4. https://datcp.wi.gov/Pages/Programs_Services/DataBreaches.aspx
  5. https://datcp.wi.gov/Pages/Programs_Services/DataBreachArchive.aspx
  6. https://www.jsonline.com/story/news/2022/10/21/advocate-aurora-health-data-breach-could-impact-3-million-patients/69581723007/
  7. https://www.hipaajournal.com/wisconsin-department-of-health-services-reports-breach-of-12000-records/
  8. https://spectrumnews1.com/wi/milwaukee/news/2022/10/20/health-system-discloses-breach-tied-to-online-data-tracker-wi
  9. https://www.jsonline.com/story/news/health/2022/10/08/more-than-12-000-wisconsin-medicaid-members-data-potentially-exposed/8210813001/
  10. https://www.dhs.wisconsin.gov/dph/memos/communicable-diseases/2019-07-bcd.htm
  11. https://wausaupilotandreview.com/2023/08/05/the-biggest-health-care-data-breaches-you-should-know-about-in-wisconsin/
  12. https://datcp.wi.gov/Documents/IDTheftDataBreach607.pdf
  13. https://www.perkinscoie.com/en/news-insights/security-breach-notification-chart-wisconsin.html
Breach Submission Date Jul 08, 2022
Converted Entity Name Wisconsin Department of Health Services
Converted Entity Type Health Plan
State WI
Individuals Affected 1,698
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes