A data breach at the Wyoming Department of Health (WDH) publicly exposed the COVID-19, influenza, and blood alcohol test data information of more than 164,021 Wyomingites and some out of state residents, the department announced Tuesday.
The breach occurred late last year when a WDH Public Health Division employee mistakenly uploaded protected health information to GitHub, an internet hosting provider used primarily for software development and source code management, according to an April 27 press release from WDH.
The breach was not the result of a compromise of GitHub or its systems, WDH officials said.
While GitHub has privacy and security policies and procedures in place regarding the use of data on their platform, the release stated, the mistakes made by the WDH employee still allowed the information to be exposed and made available to those who were not authorized to receive it.
The information wrongfully shared included COVID-19 tests reported to the WDH, including the name of the individual tested or their patient id, their home address, date of birth, test results, and dates of service. These COVID-19 tests could have been performed anywhere in the U.S. between January 2020 to March 2021, per WDH.
“While WDH staff intended to use this software service only for code storage and maintenance rather than to maintain files containing health information, a significant and very unfortunate error was made when the test result data was also uploaded to GitHub.com,” Michael Ceballos, WDH director, said in the release. “We are taking this situation very seriously and extend a sincere apology to anyone affected.”
Ceballos noted that the affected files did not contain any social security numbers, banking, financial, or health insurance information.
The department began contacting individuals potentially affected by the breach on Monday.
“We are committed to being open about the situation and to offering our help,” Ceballos said.
Jeri Hendricks, Office of Privacy, Security, and Contracts administrator with WDH, echoed the same sentiment.
“We recognize maintaining personal information privacy is important,” Hendricks said. “Because we want to be extra cautious about this situation, we are offering affected individuals one year of free identity theft protection through IdentityForce.”
Affected individuals can also call the information line for an IdentityForce verification code to allow online enrollment for the service.
Hendricks added appropriate corrective action has been taken and said that the WDH Office of Privacy, Security and Contract’s (OPSC) investigation into the incident is complete.
If you believe your information may have been compromised, call the WDH information line at 1(833) 847-5916.
To view the official WDH notice about the situation, click here.