NEW HAVEN HEALTH DEPARTMENT

The City of New Haven, terminated employees were accessing other people’s private personal information from a government computer they took home.

A New Haven computer contained the protected health information (PHI) of 498 individuals.

The compromised information included patient names, addresses, dates of birth, race/ethnicity, gender, and sexually transmitted disease test results.

OCR’s investigated the incident and determined that New Haven failed to conduct an enterprise-wide risk analysis, and failed to implement termination procedures, access controls such as unique user identification, and HIPAA Privacy Rule policies and procedures.

Source: https://www.databreaches.net/new-haven-health-department-failed-to-terminate-former-employees-access-to-protected-health-information/

"id": "NEW203622",
"linkid": "new-haven-health-department",
"type": "Breach",
"date": "08/2016",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"