USPS data breach compromised some workers health information

Network intruders compromised health information on current and former U.S. Postal Service employees who filed for workers’ compensation, USPS officials say.

The files were accessed during a previously reported September cyber intrusion that netted the Social Security numbers of about 800,000 USPS employees. Details of the health data breach are just now being revealed for the first time.

The agency does not face health data security fines or Health and Human Services Department breach notification violations, because the data was not part of an insurance plan.

About 485,000 employees, former employees and retirees whose medical details were potentially exposed received a notification letter last month, USPS spokesman David Partenheimer said.

The information potentially compromised was stored in "a file relating to injury compensation claims," USPS Chief Human Resources Officer Jeffrey Williamson said in the letter dated Dec. 10. "In addition some of your medical information” associated with the claims may have been breached.

Read more: Medical File Hack Affected Nearly Half a Million Postal Workers – Nextgov.com.

  • HackedAgain

    Our government is failing us in these cyber breaches.

  • http://www.flatirontech.org/ Jack Brickman

    Cyber security threats are going to continue to grow in the coming years, so it’s
    highly essential that companies start securing their entire digital infrastructure, which begins by putting in place information security policies and procedures, provisioning and hardening of such systems, and then undertaking comprehensive security awareness training for employees. Call it the 3-point stance for protecting your organization. The problem is that most companies have (1). Outdated policies (2). Don’t have formalized procedures and checklists for hardening their information systems, and (3) do little or nothing when it comes to security awareness training. This won’t cut it in today’s world, so it’s time to get serious about information security.