Illinois Health Department Data Breach Exposes COVID-19 Vaccination Records

Nearly 1,000 individuals’ COVID-19 vaccine status records, including personal information, were leaked in early May 2021. According to health officials in Lake County, IL, this data was stored in an unencrypted Google drive. 

The culprit? A volunteer in their COVID-19 Contact Center who  gathered information via telephone calls and stored it on a shared Google spreadsheet using their personal Google Drive. This information included names, dates of birth, phone numbers, email addresses, and most shocking of all, COVID-19 vaccination statuses. 

Though reports show there is “no indication that the information has been inappropriately used by anyone,” the damage is irreparable. 1,000 individuals have had their privacy violated, and the numbers are only rising. 

According to the Illinois Lake County Health Department and Community Health Center (LCHD), this isn’t their first isolated incident. The first data breach occurred more than five years ago — and we’re now only finding out.

In July 2019, more than 24,000 patients had their medical request records exposed via a spreadsheet that was sent to an internal employee’s personal email address. For nearly two years, this data was collected from December 2016 to June 2019 and made accessible through a “3rd party vendor who provides release of information services,” the county said.

“The information in the spreadsheet consisted of numbers and dates relevant only to the vendor along with a name. The spreadsheet did not contain date of birth, Social Security number, financial information, address, treatment dates, test results, or any other medical history details.”

According to a notice posted on the county’s website nearly two months after the second breach in May, “LCHD is [now] notifying individuals about two data breaches.”

Dasera clearly recognizes the challenges that the COVID-19 pandemic has presented to all organizations, including government at all levels. Hospitals are stretched thin and volunteers are called to duty to help meet staffing needs. Yet, outside personnel accessing sensitive data presents unique challenges never before seen on this scale.

It’s formidable and almost unimaginable to protect sensitive data in the COVID era— until now.

Protecting data must always remain a priority. Dasera seeks to overcome these seemingly insurmountable obstacles and secure data once and for all — from creation to deletion. 

Learn more about Dasera’s unique approach to these data security challenges. 

Author

Tu Phan