The Lake County Health Department revealed that two data breaches occurred in 2019. One of which involved the personal data of almost 25,000 individuals.
According to Jefferson McMillan-Wilhouit, the Chief Health Informatics and Technology Officer at the Lake County Health Department, their health system suffered a data breach in July 2019.
The first breach, which was disclosed earlier this month, occurred after an email was sent to an employee’s personal email address. This spreadsheet in the email contained requests for medical records from 2016 to 2019. These requests were made through a third-party vendor.
The health department sent out a letter on July 2 informing about the breach, which affected 24,241 people.
The second breach, discovered on May 14, involved an unprotected Google spreadsheet that contained sensitive such information as names, dates of birth, phone numbers, email addresses, and vaccination status of seniors seeking information on the COVID-19 vaccine for 705 people.
The Health Department immediately carried out an internal risk assessment after each of the breaches was discovered. It was determined that the information of the individuals affected by the first incident was not compromised. But federal authorities said such data could have been compromised, the Tribune reported.
“We have no indication that the information has been inappropriately used by anyone. We took prompt action to ensure the spreadsheet was moved to a secure data storage location,” said Emily Young, a spokesperson for the Lake County Health Department.
Health department staff members and volunteers can now use a secure system, which has been fully encrypted, McMillan-Wilhoit said.
This is not the first data breach at this facility. Between June 4, 2020, and August 18, 2020, the Lake County Health Department mistakenly exposed customer reports about COVID-19 testing to its long-term care facility employees that were not supposed to see this information.