Metro Public Health Department in Tennessee has been exposed to incredibly damaging exposure that has put thousands of HIV/Aids patients at severe risk of their sensitive information being leaked to the dark web. At time when the protection of consumer data has been a hot topic, this lapse in security surrounding personal and confidential information has resulted in outcry from consumers who are demanding stronger regulations surrounding the access and control of their data.
According to the Tennessean news site, for about nine months, information dating back as far as 1983 about individuals in Tennessee with HIV/AIDS was left accessible on a shared computer server open to all staff members at the Nashville Metro Public Health Department. This information was supposed to only be accessed by three data scientists, but according to reports, more than 500 employees had access to this confidential information.
In addition to identities of HIV/AIDS patients, the unsecured database allegedly contained Social Security numbers, birthdays, addresses, lab results and intimate details, such as whether individuals were gay, bisexual or transgender – and whether they ever used illegal drugs.
Post breach, we can expect data breach attorneys, computer forensic experts, and PR consultants, all billing at an hourly rate. Depending on their findings, notification and credit monitoring costs could follow. Lastly, if medical records were exposed, then a complete security risk assessment may be conducted by the Office of Civil Rights under the federal HIPAA legislation.
Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!
If you’d like to learn more about this data breach, click here.