Health data breach affects thousands

About 3,000 Georgians have been told that some of their health information was inadvertently disclosed.


The data breach affected clients in the Community Care Services Program, which helps people at risk of nursing home placement to remain in their communities.

The program is managed by the Department of Human Services Division of Aging Services, in partnership with Georgia’s 12 Area Agencies on Aging. Overall, CCSP serves about 9,500 people.

The problem involved the unintentional disclosure of certain health diagnoses of program participants through an email to a contracted provider.

“While we are confident that this data breach was limited in nature and resolved almost immediately, we are obligated to ensure that our clients and the public can trust the integrity of our programs,” Georgia’s Human Services commissioner, Robyn A. Crittenden, said in a statement. “We take client privacy very seriously, and it is important that the public is fully aware of this situation and aware of our efforts to prevent such an event in the future.”

Human Services said Monday that the information included names and certain diagnoses. No addresses or other personal details were divulged.

CCSP members or their family members were told earlier in July about the breach.

Data breaches in the corporate world and government have made headlines this year, and such incidents are not unusual in health care. Tougher federal requirements for monitoring and reporting have led to more reporting of incidents when patients’ health information goes missing or may have been inappropriately accessed.

To protect against future disclosure of protected health information, the Department of Human Services said it has installed added safeguards in Division of Aging Services programs. All department staff will undergo additional training on privacy standards, the agency said.