Accidental PHI Exposure at LA Fire Department and Standard Modern Company

The Los Angeles Fire Department has learned that the COVID-19 vaccination information of 4,900 personnel was by mistake exposed on the web.

A listing that contained the full names of employees, birth dates, employee numbers, and COVID-19 vaccination data (vaccination doses, dates, or refused vaccine) had been shared on a webpage available to anyone. At that time that the site was active, it was possible to see the web page and do lookups of the database for names and worker numbers. The database was not secured by password and no details were inputted to authenticate users. In case a wildcard lookup was done, a table was made that showed the records of all 4,900 workers.

The website – covid.lacofdems.com – was registered privately and was connected to the Fire Department’s Emergency Medical Service’s department. The web page, which was not authorized, was developed on April 29, 2021 and was inactivated on July 15, 2021. The site was said to have been made to enable Department staff to access lost vaccination data.

Before the deactivation, a news reporter at the LA Times acquired the information from the data storage. An inquiry into the website owner confirmed that it was hosted by a unit staff and wasn’t protected utilizing a government software program or system.

After discovering the breach and compromise of vaccine status data, some firefighters utilized social media to complain about the privacy breach. The union of firefighters, Local 1014, has requested a complete investigation of the breach.

Mailing Vendor Error Resulted in Delivering Letters to Wrong MassHealth Members

Standard Modern Company, Inc. located in New Bedford, MA has alerted 2,707 patients regarding an accidental exposure of their personal data.

Standard Modern Company is the mailing services provider to the Massachusetts Executive Office of Health and Human Services. On May 24, 2021, Standard Modern Company was advised that a number of MassHealth members had obtained letters that comprised the details of other MassHealth members. All mailings were halted as the occurrence was reviewed, with the investigation verifying an internal program problem had taken place that impacted mailings from May 10, 2021 to May 18, 2021. The mistake resulted in the creation of wrong labels on some mailed notifications.

In every instance, a letter that contains a member’s name, ID number, date of birth, and last four numbers of their Social Security Number, was mailed to another MassHealth member.

Standard Modern Company has discontinued making use of the internal program that generated the mistake, and further safety measures were enforced to enhance its mailing methods and stop more mistakes.

Every one of the 2,707 affected persons only had minimal data exposed to one other person, and there were no documented incidents of improper use of any of the compromised details. A telephone line was set up for impacted people to know more concerning the breach and have their issues responded to, and free access to Triple Bureau Credit Monitoring and cyber monitoring services were given at no cost for two years.

The privacy and security law company in Buffalo, NY Beckage PLLC assisted Standard Modern Company when looking into and addressing the data breach.