The N.C. Department of Health and Human Services is notifying the U.S. Department of Health and Human Services Office for Civil Rights and affected individuals of a recent incident in which a spreadsheet containing personal information was sent in error to a vendor in an unencrypted email.
The spreadsheet included names, social security numbers and test results for about 6,000 people who underwent routine drug screenings for employment, intern and volunteer opportunities at DHHS. These screenings were routine and applied uniformly to applicants for particular positions. A person's inclusion in the spreadsheet reflects only that they sought an employment, intern or volunteer opportunity at DHHS within the affected time period.
Upon learning of the breach on Sept. 27, 2017, DHHS immediately started an investigation and promptly coordinated with the vendor on the deletion and secure destruction of the personal information in the spreadsheet. While DHHS cannot determine for certain that the email was not intercepted during transmission, DHHS has determined that the risk of misuse of the personal information is low.
Protecting the privacy and security of job applicants is a top priority of DHHS. The department has reviewed proper procedures with employees and is continuing to review its internal processes to ensure the correct handling of data moving forward and to help avoid a similar occurrence in the future.
DHHS has mailed letters to affected individuals notifying them about the incident and has posted information on the DHHS website. To protect against fraud, affected individuals can put an alert on their credit files and monitor bank statements and credit card bills for unusual or unauthorized activity. They may contact any of the following credit bureaus to ask that a fraud alert be placed on their credit files:
- Equifax: 1-800-525-6285
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
People who may have been affected by the incident can call 1-800-662-7030 with questions.