State’s Department of Corrections (DOC)

The **State’s Department of Corrections (DOC)** inadvertently disclosed the **protected health information (PHI)** of **over 1,700 individuals** while responding to a public records request. The breach, discovered in **September** (though the data was released in **July**), involved highly sensitive details, including **names, mental health diagnoses, and other confidential medical records**. The incident was a direct violation of **HIPAA (Health Insurance Portability and Accountability Act)**, exposing individuals to potential **privacy risks, discrimination, or identity theft**. The DOC acknowledged the error and began notifying affected parties, though the delay in detection raises concerns about **data handling protocols and compliance oversight**. The leaked information, given its **medical and psychological nature**, poses long-term risks to the impacted individuals, including **stigmatization, financial exploitation, or targeted scams**. The breach underscores systemic vulnerabilities in **government data protection measures**, particularly when processing public records requests.

Source: https://715newsroom.com/2025/11/08/data-breach-affects-wi-dept-of-corrections/

Washington State Department of Corrections cybersecurity rating report: https://www.rankiteo.com/company/wacorrections

"id": "wac5232552110825",
"linkid": "wacorrections",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '1,700+ individuals',
                        'industry': 'Public Safety / Corrections',
                        'name': 'State Department of Corrections (DOC)',
                        'type': 'Government Agency'}],
 'customer_advisories': 'Notifications Sent to Affected Individuals',
 'data_breach': {'data_exfiltration': 'Yes (Unintentional Disclosure via '
                                      'Public Records Request)',
                 'number_of_records_exposed': '1,700+',
                 'personally_identifiable_information': 'Yes (Names, Health '
                                                        'Data)',
                 'sensitivity_of_data': 'High (Health Information)',
                 'type_of_data_compromised': ['Protected Health Information '
                                              '(PHI)',
                                              'Names',
                                              'Mental Health Diagnoses']},
 'date_detected': '2023-09',
 'description': 'More than 1,700 individuals had their protected health '
                'information (PHI) mistakenly released by the state’s '
                'Department of Corrections (DOC) while responding to a public '
                'records request. The error was discovered in September 2023, '
                'though the data was released in July 2023. The exposed files '
                'included names, mental health diagnoses, and other sensitive '
                'details. The breach was acknowledged as a violation of HIPAA, '
                'and affected individuals are being notified.',
 'impact': {'brand_reputation_impact': 'Potential Damage (HIPAA Violation '
                                       'Acknowledged)',
            'data_compromised': ['Names',
                                 'Mental Health Diagnoses',
                                 'Other Sensitive Protected Health Information '
                                 '(PHI)'],
            'identity_theft_risk': 'High (Sensitive PHI Exposed)',
            'legal_liabilities': 'HIPAA Violation'},
 'investigation_status': 'Discovered (September 2023)',
 'post_incident_analysis': {'root_causes': 'Human Error in Handling Public '
                                           'Records Request'},
 'regulatory_compliance': {'regulations_violated': ['Health Insurance '
                                                    'Portability and '
                                                    'Accountability Act '
                                                    '(HIPAA)'],
                           'regulatory_notifications': 'Affected Individuals '
                                                       'Notified'},
 'response': {'communication_strategy': 'Public Acknowledgment of Breach',
              'remediation_measures': 'Notification of Affected Individuals'},
 'title': 'Unintentional Disclosure of Protected Health Information by State '
          'Department of Corrections',
 'type': 'Data Breach (Unintentional Disclosure)',
 'vulnerability_exploited': 'Human Error (Improper Handling of Public Records '
                            'Request)'}