x
Breaking News
More () »

Personal information for 750K Hoosiers improperly accessed from state's COVID-19 online contact tracing survey

The Indiana Department of Health is sending letters to the affected Hoosiers to notify them.

INDIANAPOLIS — The Indiana Department of Health is notifying nearly 750,000 Hoosiers that data from the state's COVID-19 online contact tracing survey was improperly accessed.

The data, which was accessed on July 2, includes name, address, email, gender, ethnicity and race and date of birth.

Last week, the state and the company that accessed the data signed a “certificate of destruction” to confirm that the data was not released to any other entity and was destroyed by the company.

RELATED: Indiana Court of Appeals rules state can end federal pandemic unemployment benefits

RELATED: VERIFY: Yes, if you are fired for not getting a required vaccine, you can be denied unemployment benefits

According to IDOH, the Indiana Office of Technology and IDOH immediately corrected a software configuration issue and requested the records that had been accessed after being notified of the unauthorized access. The records were returned Aug. 4.

“We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” said State Health Commissioner Kris Box, M.D., FACOG. “We will provide appropriate protections for anyone impacted.”

IDOH is sending letters to the affected Hoosiers to notify them the state will provide one year of free credit monitoring and is partnering with Experian to open a call center to answer questions from those impacted.

The Indiana Office of Technology will also continue its regular scans to make sure information was not transferred to another party.

“We take the security and integrity of our data very seriously,” said Tracy Barnes, chief information officer for the state. “The company that accessed the data is one that intentionally looks for software vulnerabilities, then reaches out to seek business. We have corrected the software configuration and will aggressively follow up to ensure no records were transferred.”

What other people are reading: