October 17, 2019

Patient Data Exposed by Philadelphia Department of Public Health

The Philadelphia Inquirer reported that a data tool built and used by the Philadelphia Department of Health (PDH) to track hepatitis infections exposed PHI online, including names, addresses, social security numbers, and hepatitis infection status. The data was taken down by PDH minutes after being notified of the exposure by a reporter. The Philadelphia Inquirer “discovered the accessible data, which in one case included 23,000 individual records of new cases of hepatitis C.” This breach appears to be part of a growing trend of breaches at governmental health agencies, including in Washington, Florida, Montana, Utah, Virginia, Georgia, and Alaska