Wyoming’s Department of Health Accidentally Leaks 25% of the Population’s PII

Posted on by Dawna M. Roberts in News May 06, 2021

Info Security Group online magazine reported that Wyoming’s Department of Health (WDH) accidentally exposed 25% of the state population’s personally identifiable medical information through GitHub.com.

What Happened?

Wyoming Data Leak

The incident occurred when an employee of the WDH mishandled 53 laboratory test result files. The agency posted a notice about the data breach on their website along with a plan of resolution. 

The organization discovered the data breach on March 10. However, the resulting investigation revealed that it could have begun as early as November 5, 2020. Roughly 164,021 Wyoming residents are affected by the data breach and their personal information was inadvertently revealed online.

Some of the information exposed in the breach includes COVID-19 test results, influenza, and even blood alcohol test results from January 2020 to March 2021. More alarmingly, along with the test results, the data exposed patients’ names, ID numbers, home addresses, birthdates, and the date of the tests. 

How Has the WDH Responded?

When asked for a comment, a spokesperson for the WDH said:

“These files were mistakenly uploaded by a WDH Public Health Division workforce member to private and public online storage locations, known as repositories, on servers belonging to GitHub.com.”

Additionally, they noted that the information “was also unintentionally disclosed, meaning it was made available to individuals who were not authorized to receive it, on GitHub’s public site as early as January 8, 2021.”

The Wyoming Department of Health is notifying all individuals now. There are, however, some individuals that they do not have complete contact information for and may not be able to reach all affected patients. The state agency is offering one free year of identity theft protection for all affected persons.

WDH director Michael Ceballos said:

“While WDH staff intended to use this software service only for code storage and maintenance rather than to maintain files containing health information, a significant and very unfortunate error was made when the test result data was also uploaded to GitHub.com.” 

He also offered up an apology “We are taking this situation very seriously and extend a sincere apology to anyone affected. We are committed to being open about the situation and to offering our help.”

The agency reassures the public that the files in question have been removed and all traces of the exposed data.

What is PII?

Personally identifiable information is data linked to a specific person like a social security number, driver’s license ID, or medical ID. These are unique identifiers that bad actors could potentially use for identity theft or fraud. 

How Can Identity Theft Occur from a Data Breach Like This?

As evidenced by this attack, data breaches don’t just occur through hacking. Often employees make mistakes, and information is exposed online. With so many companies using online cloud storage, it is not that big of a surprise.

However, each one of those 164,000 people whose information was exposed online is now at risk of identity theft. Cybercriminals collect as much data as possible about someone, usually by combining information stolen in multiple data breaches. They put together profiles with enough details to gain access to the person’s accounts or trick government agencies so they can obtain passports, social security numbers, or other IDs to use with banking, property rental, or opening new credit accounts in the victim’s name.

Another way identity theft occurs is through phishing emails. Hackers may send very convincing emails to victims of a data breach using some of their own personal information. The recipient trusts the email because they see their own personal information that only the sender must know. They don’t, however, realize it’s a spoofed email address and a trick to steal more information or commit fraud. 

You can never be too careful when protecting your PII from identity thieves.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

Scan Your Records for Breaches, Leaks & Exposures!