Delaware’s Department of Health and Social Services announced a data breach within its Division of Developmental Disabilities Services.
The Division said a small number of users in their online records system may have had access to more than 7,000 sensitive patient records.
The breach came when new users were added to the client record system, inadvertently giving them access to other client records.
Director of External Relations and Strategic Partnership Jody Roberts said 159 new users could have had access to personal and protected health information.
“Of the 159 new user accounts, 10 individuals accessed files that should not have been accessible to them, which impacted 12 people,” Roberts said.
The breach was discovered in late August, but Roberts said the division wanted to make sure they knew the scope of the situation before alerting the public.
“Because there was the potential for other information to have been seen more passively in the database, which our analytics can’t offer kind of a precise accounting of, we’re treating it as a breach of the entire 7,000 just to be as cautious as possible,” Roberts said.
In addition to mailing notices to all clients or guardians in the system, the division set up an independent call center to field any questions about personal account information.
Clients and guardians can request a year of free credit monitoring if they wish.
Roberts said the division has established new guidelines for creating user accounts and tightened approval processes for accessing records.
