When using government contractor websites, you would hope that they are as secure as they claim. Unfortunately, one woman in Washington DC learned the hard way that this isn’t always the case, and now she fears for her identity.
Alexia Park logged on to DC Health Department’s website to renew her nursing license. It’s supposed to be a speedy, secure process; 600 other nurses had also just recently renewed their licenses on the same site.
Park was horrified when she received a letter weeks after renewing her license, informing her and the approximately 600 other nurses who also recently renewed that there was some kind of security incident that publicized the personal information of at least seven nurses — including their names, addresses, and their social security numbers.
While the Department of Health apologized in a letter and promised some protection in the form of a year of identity theft protection for all 600 nurses, Park was not satisfied. “It was shocking to say the least and I felt like it didn’t feel very sincere and I didn’t feel like there was a whole lot of accountability or responsibility,” she says of the apology letter. Park is asking for ten years of identity theft protection instead of the single year offered. Identity theft can be devastating financially and personally, and Park is not happy that the leak of her personal info was out of her control.
The local WJLA I-Team in DC reported that the breach in the Health Department was not a formal hack, but rather a result of another registered user, a nurse like Park, accessing
a part of the system the user was not supposed to be able to access. The nurse is not currently facing any criminal charges or disciplinary for the breach, nor are any District employees.
While DC officials are saying this is the only security breach it has discovered in the past year, data has shown that government contractors have been increasingly vulnerable to data breaches and cybersecurity crises. Security firm investigations have found that around 83% of government contractors are out of compliance with government standards for network and technology infrastructures.
Since 2016, about 8% of healthcare contractors have reported at least once data breach, a percentage that is higher than any other type of contractor.
As a response to alarm from the public, many government agencies are revising or augmenting their policies around data breach notifications for contractors. While agencies attempt to tighten up security, they are still vulnerable to breaches. In the meantime, users can protect their personal information by being choosy about what websites and applications they use, and by only using strong usernames and passwords for login credentials.
Photo Credit: stock photo