Early Learning Coalition Data Breach (2014)

A former employee improperly accessed the personal data of approximately 200,000 individuals. Often discussed on this website is the importance of healthcare organizations and facilities that store individuals healthcare information must have the necessary HIPAA administrative safeguards in place. Combined with technical and physical safeguards, organizations have a much greater chance at keeping patients protected health information (PHI) secure. However, when a facility has lax or outdated security measures, it can be difficult to monitor who is accessing certain systems. When that happens, former employees can log into an online database and potentially extract sensitive data, such as PHI or financial records. Such is the case with the Early Learning Coalition of Palm Beach County. A breach occurred at the Belle Glade office of Family Central, Inc.The Florida facility recently announced on its website that a former employee accessed the electronic database that manages the personal information of individuals applying for or receiving services from the coalition. The security breach compromised the personal information of individuals whose data is contained in the system, including parents and children residing in Palm Beach County who have received school readiness services or participated in the Voluntary Prekindergarten Education Program, the statement read. Spokeswoman Tara Laxer told a local CBS affiliate that 177 people are currently known to have affected by the data breach. However, there could be more victims. The former employee had access to more than 230,000 identities through a statewide information system, the news source reported. Moreover, 110,000 of those records had valid Social Security numbers. The breach occurred when an employee accessed the database in an unauthorized manner in order to obtain the personal information, including social security numbers, of individuals contained in the database, explained the statement. The employee is no longer employed by Family Central. State and federal officials are currently investigating the incident, Family Central stated. Individuals whose information was known to have been compromised are being notified via email. However, people who have received services from the organization are encouraged to carefully monitor their credit history and enroll for free fraud alerts with one of the three major credit agencies. Family Central has not yet reported that they will offer any free credit services to those potentially affected by the data breach. Family Central has implemented additional security measures including expanded security training for all employees, further restricting access to the information system and revising data security policies, the statement said. Another key thing for organizations to remember is that all third-parties must be aware of the potential privacy risks, and implement the proper security measures to keep data safe. Just last week a New York health insurer had to notify Medicare subscribers that a subcontractor mishandled their PHI. As previously reported, the third-party vendor had a computer coding error, which caused denial letters to be sent to the wrong members. The compromised data included patients names, addresses, member ID numbers and general descriptions of the procedures.