On June 1, 2018, Florida Agency for Persons with Disabilities submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Tallahassee, Florida, APD’s email breach affected 1,951 individuals’ protected health information.
Florida Agency for Persons with Disabilities is classified as a Health Plan.
According to APD’s statement:
On April 10, an employee of the Agency for Persons with Disabilities was a victim of a malicious phishing email.
(Information that was exposed included names, addresses, birth dates, health information, telephone numbers, and Social Security numbers.)
APD immediately began investigating this potential security breach. To date, there is no indication that any sensitive information has been misused. However, in an abundance of caution we are sending a notification to 1,951 APD customers or guardians, and providing a one-year membership with a credit monitoring service because client names, addresses, birth dates, health information, telephone numbers, and Social Security numbers were potentially included in these email accounts.
APD takes this matter very seriously and has taken steps to protect personal information, including taking swift action to help prevent this type of event from happening again. On April 13, APD implemented a security upgrade to prevent unauthorized persons from gaining access to APD’s email system. APD will also be enacting additional training for staff members regarding appropriate email security protocols.
At this time, APD has no reason to believe individuals’ information has been misused. Again, in an abundance of caution and to help individuals detect any possible misuse of this information, we are providing a one-year membership with a credit monitoring service for those who could have been affected.
Florida Agency for Persons with Disabilities Email Platform
We did an MX record lookup for APDCares.org and determined they are using Microsoft 365 as their email platform.
We have seen an alarming number of Microsoft 365 customers reporting HIPAA Email Breaches in 2018.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.