The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Surgeon General Warns Employees of Personal Information Breach

Posted By on Oct 4, 2016

Another federal agency has experienced a breach of personal information. This time, the data of current, former, and retired members of the United States Public Health Service Commissioned Corps has been compromised.

The Commissioned Corps is tasked with providing medical services to underserved populations as well as promoting, protecting, and advancing the health and safety of the nation, including disease control, and ensuring drugs and medical devices are safe and effective.

The Commissioned Corps., includes around 6,600 medical professionals including physicians, surgeons, therapists, pharmacists, dentists, and nurses. At this stage it is unclear exactly how many of those individuals – and former and returned members – have been affected by the breach.

The security incident is currently under investigation, although employees have been notified by email of the breach by Surgeon General Vice Adm. Vivek H. Murthy. “Based on our investigation, affected individuals are those served by this website-based system: current, retired, and former Commissioned Corps officers and their dependents.”

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

According to the Washington Post, the Commission learned of the breach on September 20. A system used to “process payroll, leave, time, attendance, and other functions” appears to have been accessed by unauthenticated users. The website portal that was breached has been taken offline while the investigation is conducted and will likely remain down until the investigation has been completed.

Employees have been warned to be alert to potential misuse of their data and have been advised to obtain a credit report. Karen B. DeSalvo, HHS Acting Assistant Secretary for Health has suggested affected individuals may be offered credit monitoring services, although not at this stage.

At this moment in time efforts are being directed to learning more about the breach, how access was gained to data, and what measures can be implemented to prevent future attacks. DeSalvo has indicated further information will be provided to affected employees as and when it becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist