IMG_0946.jpg

Delaware's Division of Public Health said an ex-staffer mistakenly caused a data breach involving coronavirus-related patient information.

The agency announced Sunday, November 15, 2020, that the temporary employee inadvertently sent two unencrypted emails to a single unauthorized user on August 13th and August 20th.

The emails contained COVID-19 test results and related information for roughly 10,000 people, including test dates, locations and results, patient names, birth dates and phone numbers. 

The August 13, 2020 email included test results for individuals tested between July 16, 2020, and August 10, 2020.

The August 20, 2020 email included test results for individuals tested on August 15, 2020. The emails were meant for internal distribution to call center staff who assist individuals in obtaining their test results.

DPH said no financial information was released, and the recipient of the emails told the agency the emails and their attachments had been deleted; here's no evidence at this point suggesting the information, which was meant for call center staff, was misused.

DPH has reported the incident to the U.S. Department of Health and Human Services and Delaware's Justice Department as mandated by state law and is mailing letters to people whose information was in the emails.

In addition, a call center will be online starting Monday for anyone with questions about the incident. It'll be open Monday through Friday from 9 a.m. to 9 p.m., excluding holidays, at 1.833.791.1663.