HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Surgeon General Warns Employees of Personal Information Breach

Another federal agency has experienced a breach of personal information. This time, the data of current, former, and retired members of the United States Public Health Service Commissioned Corps has been compromised.

The Commissioned Corps is tasked with providing medical services to underserved populations as well as promoting, protecting, and advancing the health and safety of the nation, including disease control, and ensuring drugs and medical devices are safe and effective.

The Commissioned Corps., includes around 6,600 medical professionals including physicians, surgeons, therapists, pharmacists, dentists, and nurses. At this stage it is unclear exactly how many of those individuals – and former and returned members – have been affected by the breach.

The security incident is currently under investigation, although employees have been notified by email of the breach by Surgeon General Vice Adm. Vivek H. Murthy. “Based on our investigation, affected individuals are those served by this website-based system: current, retired, and former Commissioned Corps officers and their dependents.”

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

According to the Washington Post, the Commission learned of the breach on September 20. A system used to “process payroll, leave, time, attendance, and other functions” appears to have been accessed by unauthenticated users. The website portal that was breached has been taken offline while the investigation is conducted and will likely remain down until the investigation has been completed.

Employees have been warned to be alert to potential misuse of their data and have been advised to obtain a credit report. Karen B. DeSalvo, HHS Acting Assistant Secretary for Health has suggested affected individuals may be offered credit monitoring services, although not at this stage.

At this moment in time efforts are being directed to learning more about the breach, how access was gained to data, and what measures can be implemented to prevent future attacks. DeSalvo has indicated further information will be provided to affected employees as and when it becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.