The Washington Post
City Web breach exposes nurses’ personal data
The D.C. Department of Health has warned hundreds of nurses that their personal information was inadvertently exposed in the licensing portal and is offering them one year of creditmonitoring services.
A nurse navigating the nursing board’s online portal somehow ended up on a nonpublic portion of a database that included the Social Security numbers, names and addresses of nurses, said Department of Health spokesman Tom Lalley.
Seven nurses had their inforonline mation exposed. City officials couldn’t identify them, so they sent warning letters last week to all 600 people who were then registered in the system.
“We talked to this individual and confirmed they were a legitimate user on the system, and we didn’t see any evidence of downloading information or manipulating information,” Lalley said. “It seemed like to us an accident, so this person accidentally exposed a vulnerability we didn’t know was there.”
The breach happened two days after a new nurse licensing system launched April 25. Health officials became aware April 30 and shut the system down for five days.
City officials haven’t found evidence that anyone else was able to access the nurses’ private information, Lalley said.