Emailing error leads to over 640 client accounts being exposed, DSHS says
An emailing error at the Department of Social and Health Services in June compromised over 640 email addresses of clients served by the Developmental Disabilities Administration, DSHS admitted Friday.
“We are entrusted with confidential patient information,” Evelyn Perez, assistant secretary for DDA said in a statement.
“One instance of disclosing personal information is one too many. We do not take this mistake lightly and staff have been retrained on proper email protocol.”
The email was sent to inform clients about a new law that was going into effect. The email mistakenly listed the recipients on the “to” line instead of a “bcc” line, revealing the accounts of clients to all others on the email.
Under the current HIPAA Privacy Rule, email addresses of patients, relatives and household members are private and marked as classified health information. Upon learning about the error, DDA notified all those who were affected by the breach of confidentiality.
In the state statement, DSHS noted that those impacted by the breach should not have identity theft or credit score issues.
For more information, contact the Washington State AG website as well as the Federal Trade Commission.
This story was originally published August 14, 2020 at 2:59 PM with the headline "Emailing error leads to over 640 client accounts being exposed, DSHS says."
