Ind. breach impacts almost 200,000

The Indiana Family and Social Services Administration (FSSA) is in the process of notifying almost 200,000 clients that some of their personal information may have been accidently disclosed to other clients, according to a statement from the organization.

The accidental disclosures may have occurred when RCR Technology Corporation (RCR), a contractor for FSSA, made a computer programming error to a document management system the company supports on behalf of FSSA. This error caused an undetermined number of documents being sent to clients to be duplicated and also inserted with documents sent to other clients. Some clients may have received documents belonging to other clients along with their own documents.

The programming error was made on April 6, and affected correspondence sent between April 6 and May 21. The error was discovered on May 10. RCR determined the root cause of the programming error and it was corrected on May 21.

In compliance with federal and state privacy law, FSSA has sent written notices to the 187,533 potentially impacted FSSA clients informing them that some of their personal information may have been disclosed.

Information that may have been disclosed includes name, address, case number, date of birth, gender, race, telephone number, email address, types of benefits received, monthly benefit amount, employer information, some financial information such as monthly income and expenses, bank balances and other assets, and certain medical information such as provider name, whether the client receives disability benefits and medical status or condition, and certain information about the client’s household members like name, gender and date of birth. Of the 187,533 clients, 3,926 may have had their Social Security numbers disclosed. 

This is the second HIPAA breach for the Indiana FSSA. In 2012, the agency reported the theft of a company laptop containing the protected health information of 757 clients.