Skip to main content

Government & Policy

By Kat Jercich | 03:52 pm | August 18, 2021
The Indiana Department of Health said this week that it was notifying almost 750,000 Hoosiers after a company "improperly accessed" the data from the state's COVID-19 online contact tracing survey.   But the company in question, the cybersecurity vendor UpGuard, told the Associated Press' Rick Callahan that it had actually discovered the data was publicly accessible on the internet and had notified the health department about it.   "This is known as a data leak," UpGuard spokesperson Kelly Rethmeyer said in a statement sent to Callahan. "It was not unauthorized because the data was configured to allow access to anonymous users and we accessed it as an anonymous user."   UpGuard has deleted all the data in its possession, said Rethmeyer.   UpGuard and IDH did not respond to Healthcare IT News' requests for comment by press time.   WHY IT MATTERS   IDH said it learned on July 2 that a company had accessed the data from the state's online COVID-19 contact tracing survey. The data included names, addresses, dates of birth, emails, gender, ethnicity and race.    But UpGuard representatives told Callahan that it had not "improperly accessed" the data.   Rather, said Rethmeyer, the company "aided in securing the information, in turn ensuring that it would no longer be available to anyone with malicious intent."   Indiana officials said that UpGuard had signed a so-called certificate of destruction to confirm it had destroyed the data and not shared it with any other entity.    The records were returned on Aug. 4.   "We take the security and integrity of our data very seriously," said Tracy Barnes, chief information officer for the state, in a statement provided to local news site WTHR. "The company that accessed the data is one that intentionally looks for software vulnerabilities, then reaches out to seek business." "We have corrected the software configuration and will aggressively follow up to ensure no records were transferred," Barnes added.   THE LARGER TREND   Although the exact situation with IDH remains unclear, it wouldn't be the first time COVID-19-related data accidentally went public.    In May of this year, a Wyoming Department of Health employee mistakenly uploaded COVID-19, influenza and blood alcohol test results for more than a quarter of the state's population to a public-facing website.   Two months prior, a state of California employee improperly accessed more than 2,000 employee and patient records from Atascadero State Hospital that had been necessary for tracking COVID-19.   ON THE RECORD   Regarding the Indiana incident, "in this case, the data that was accessed appears to have been done so in a way that did not put it at risk of cyber criminals obtaining it," said Erich Kron, security awareness advocate at the training vendor KnowBe4, in a statement.    "Unfortunately, 'software configuration' errors such as this often lead to the data being accessed by bad actors, putting the users of the systems at risk," Kron said. Kat Jercich is senior editor of Healthcare IT News. Twitter: @kjercich Email: kjercich@himss.org Healthcare IT News is a HIMSS Media publication.
By Kat Jercich | 04:28 pm | August 16, 2021
The consulting firm told Healthcare IT News that the incident had no impact on its operations or on its clients' systems.
By Kat Jercich | 01:14 pm | August 16, 2021
The agency determined that its internally developed Resource and Patient Management System would not be sustainable in the long term.
HIMSS21
By Jonah Comstock | 04:31 pm | August 13, 2021
The two former governors – one running again – had lots to say about COVID-19 crisis response, vaccine hesitancy, Medicaid expansion, hospital staffing shortages and other healthcare challenges.
HIMSS21
By Jonah Comstock | 12:34 pm | August 13, 2021
National Coordinator for Health IT Micky Tripathi and Dr. Daniel Jernigan, acting deputy director for public health science and surveillance at the CDC, say it's vital to overcome data-sharing barriers.
HIMSS21
By Jonah Comstock | 12:20 pm | August 13, 2021
The national coordinator for health IT laid out some of ONC's priorities under the Biden-Harris administration and explained why he thinks "info blocking" needs a rename.
By Adam Ang | 04:00 am | August 13, 2021
Also, Australian health IT provider Healthsite adds Tyro's payment service to its online booking system.
HIMSS21
By Kat Jercich | 07:00 pm | August 12, 2021
Rhode Island Rep. Brian Patrick Kennedy and Florida Sen. Gayle Harrell explained the role virtual care has played in their states during COVID-19. 
HIMSS21
By Mike Miliard | 04:20 am | August 12, 2021
At HIMSS21, Lt. Gen. Ronald Place of the Defense Health Agency said trust in data has been essential to the DoD's decision-making processes as it works to keep service members healthy and maintain operational readiness.