DHW learns client data may have been accessed without authorization

The Department of Health and Welfare (DHW) has recently been informed that clients’ personal information contained in a contractor’s employee’s email account may have been accessed without authorization.

OS Inc. provides claims management services to the Department of Health and Welfare.  The access was obtained through an email phishing campaign. At this time, there is no evidence that personal information or financial account information was accessed because of this event. The 2,060 individuals potentially affected by this have been notified by OS with a notice sent by U.S. Postal Service.

“Protecting the personal health and financial information for the people we serve is critical for the Department of Health and Welfare,” said DHW Director Dave Jeppesen. “We are working closely with OS to make sure proper notifications have been sent and that those affected have access to monitoring and assistance to make sure their information is safe. We are also working with OS to make sure this doesn’t happen again. In addition, I’ve asked my staff to evaluate the lessons learned from this incident, so we can apply those to our overall cybersecurity efforts.” Continue reading