USPS Breach Could Have Compromised Health Data for 485K Workers
January 6, 2015 in News
The U.S. Postal Service has reported that about 485,000 current and former employees’ health information might have been compromised in a breach the agency reported in November 2014, GovInfoSecurity reports.
USPS on Nov. 10, 2014, reported an information systems breach that affected about 800,000 employees and 2.9 million customers (Roman, GovInfoSecurity, 1/5). During the breach, hackers were able to access affected individuals’:
- Dates of birth; and
- Social Security numbers (McCann, Healthcare IT News, 1/5).
After investigating the breach further, USPS reported that the hackers could have accessed a file detailing workers’ compensation information relating to 485,000 individuals who worked for the agency between November 1980 and August 2012 (GovInfoSecurity, 1/5). Specifically, information that might have been compromised included:
- Injury diagnoses;
- Location of bodily harm; and
- Medical procedure codes (Snell, Health IT Security, 1/5).
The breach is not considered a HIPAA violation because USPS is not a HIPAA-covered entity (GovInfoSecurity, 1/5).
In a statement, USPS spokesperson David Partenheimer said the agency has taken “steps to obtain current addresses for as many affected employees as possible through private contractors who used, among other sources, the Postal Service’s own National Change of Address database.”
The agency also has implemented additional security measures, such as:
- Changes to employee policies and procedures;
- Equipment upgrades; and
- System upgrades (Health IT Security, 1/5).
USPS will provide one year of no-cost credit monitoring to all affected individuals (GovInfoSecurity, 1/5).