The Arizona Department of Economic Security Division of Developmental Disabilities (DES/DDD) has revealed a data breach involving protected health information on January 9, 2023. While the agency cannot confirm whether any member’s protected health information was further disclosed, it is notifying the public because unauthorized persons had access to the information. The breach occurred as a result of records containing protected health information being accessible to a former employee in the Division of Developmental Disabilities. The records included names, addresses, phone numbers, dates of birth, and Arizona Health Care Cost Containment System identification numbers.
DES/DDD has notified 857 members whose information was confirmed to be part of this breach and provided guidance on measures they can take to prevent potential misuse of their information. These measures include placing a fraud alert or security freeze on their credit reports, requesting their credit reports from the three main credit-reporting agencies, and reporting suspected identity theft to their local police department. DES/DDD’s customer service is also available for assistance.
The incident highlights the importance of stringent access controls and security protocols to safeguard sensitive information. Organizations must ensure that only authorized personnel can access sensitive data and that data is protected both in transit and at rest. Regular reviews of access logs and activity logs can also help identify potential unauthorized access or misuse of data.