INDIANAPOLIS (Network Indiana): Data from the state’s COVID-19 online contact tracing survey was improperly accessed, the Indiana Department of Health said Tuesday.
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH.
The state learned of the incident on July 2. Last week, the state and the company that accessed the data signed a “certificate of destruction” to confirm that the data was not released and was destroyed.
When the state learned of the incident, the Indiana Office of Technology and IDOH corrected a software configuration issue and requested the records that had been accessed. Those records were returned on Aug. 4.
“We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” said State Health Commissioner Kris Box, M.D., FACOG.
Affected Hoosiers will receive a letter from the Department of Health. The state will also provide one year of free credit monitoring and is working with Experian to open a call center to answer any questions.
“We take the security and integrity of our data very seriously,” said Tracy Barnes, chief information officer for the state. “The company that accessed the data is one that intentionally looks for software vulnerabilities, then reaches out to seek business. We have corrected the software configuration and will aggressively follow up to ensure no records were transferred.”