On December 11, 2018, County of Ramsey submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in St. Paul, Minnesota, the email breach affected 599 individuals’ protected health information.
County of Ramsey is classified as a Healthcare Provider.
According to a notice on County of Ramsey’s website:
About 500 clients of the Ramsey County Social Services department who may have had their individually identifiable health information compromised following an information security incident in August 2018 began receiving letters of notification today from Ramsey County.
On August 9, 2018, the county became aware of the unauthorized access to email accounts of 28 Ramsey County employees in an apparent scheme to divert employees’ paychecks. Following the incident, Ramsey County took immediate steps to stop the intrusion and secure employee email accounts. The county then contracted a data security firm to conduct further investigation. The firm’s assessment was delivered on Oct. 12, 2018. It found that the hackers may have been able to see information about Ramsey County clients through the employee email accounts, including social security numbers, dates of birth, addresses and limited amounts of medical information.
The notification letter is available at ramseycounty.us/publicnotice. The letter includes a phone line for those with questions about the incident to call – 651-266-2275 (1-833-812-4159).
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.