WYOMING — The Wyoming Department of Health (WDH) announced Tuesday, April 27, the accidental release of COVID-19 test results, as well as the personal information of 164,021 Wyoming residents.
The 2020 census reported 578,000 Wyomingites, this breach accounts for about 28% of the population.
According to the department, a WDH Public Health Division workforce member “inappropriately handled the health information of approximately 164,021 Wyoming residents and others as early as November 5, 2020” after files were uploaded to a private and public online storage location belonging to GitHub.com. The department says that they became aware of the breach on March 10, 2021.
“We are taking this situation very seriously and extend a sincere apology to anyone affected. We are committed to being open about the situation and to offering our help,” said Michael Ceballos WDH Director. He noted that the affected files did not contain social security numbers, or banking, financial, or health insurance information.
53 files containing COVID-19 and influenza test result data and one file containing breath alcohol test results were made available on GitHub as early as January 8, 2021.
The exposed health information included COVID-19 tests that were electronically reported to the WDH for Wyoming residents, including names or patient IDs, addresses, dates of birth, test results, and dates of services. These COVID-19 tests could have been performed anywhere in the United States between January 2020 to March 2021.
GitHub is an internet-based software development platform typically used for version control and code management while writing code for data models. This incident did not result from a compromise of GitHub or its systems, says WDH, but rather the mistake by the WDH employee allowed the information to be exposed.
Ceballos said, “While WDH staff intended to use this software service only for code storage and maintenance rather than to maintain files containing health information, a significant and very unfortunate error was made when the test result data was also uploaded to GitHub.com.”
WDH started sending notices to potentially affected individuals yesterday, but contact information was incomplete for many people affected.
The Department has created a special line to combat the incident. They are urging Wyoming residents who received COVID-19 or influenza tests anywhere in the United States between January 2020 and March 9, 2021, but who do not receive a written notice within the next two weeks to call the information line, 1(833) 847-5916. The phone line will be available Monday through Friday, 9 a.m. to 7 p.m. through August 6.
Anyone who received a breath alcohol test performed by law enforcement in Wyoming between April 19, 2012, and January 27, 2021, who doesn’t receive a letter should also call.
WDH is offering one year of free identity theft protection through IdentityForce, which provides advanced credit and dark web monitoring, along with identity theft insurance and medical identity theft coverage.
“Files have been removed from the GitHub repositories and GitHub has destroyed any dangling data from their servers. Business practices have been revised to include prohibiting the use of GitHub or other public repositories and employees have been retrained,” said Jeri Hendricks, Office of Privacy, Security, and Contracts administrator with WDH.
