On September 16, 2020, the Department of Health and Social Services (DHSS) discovered that a Division of Public Health temporary staff member mistakenly sent two unencrypted emails, one on August 13, 2020, and one on August 20, 2020, to an unauthorized user.
These unencrypted emails involved COVID-19 test results for approximately 10,000 individuals. The email of August 13, 2020 included test results for individuals tested between July 16, 2020, and August 10, 2020 while the August 20, 2020 email included test results for individuals tested on August 15, 2020. The emails were meant for internal distribution to call center staff who were responsible for informing the candidates and their family about the results.
The individual to whom these emails were sent mistakenly has informed the Division of Public Health (DPH) about inadvertent receipt of emails and DPH has taken all the necessary actions. The Division of Public Health has mailed the incident to all the individuals who were impacted by the data breach and has deleted the emails along with the files attached to them. A thorough investigation of the incident was conducted. Currently there is no evidence to suggest that there has been any attempt to misuse any of the information.