The Washington Post

City Web breach exposes nurses’ personal data

- BY FENIT NIRAPPIL fenit.nirappil@washpost.com

The D.C. Department of Health has warned hundreds of nurses that their personal informatio­n was inadverten­tly exposed in the licensing portal and is offering them one year of creditmoni­toring services.

A nurse navigating the nursing board’s online portal somehow ended up on a nonpublic portion of a database that included the Social Security numbers, names and addresses of nurses, said Department of Health spokesman Tom Lalley.

Seven nurses had their inforonlin­e mation exposed. City officials couldn’t identify them, so they sent warning letters last week to all 600 people who were then registered in the system.

“We talked to this individual and confirmed they were a legitimate user on the system, and we didn’t see any evidence of downloadin­g informatio­n or manipulati­ng informatio­n,” Lalley said. “It seemed like to us an accident, so this person accidental­ly exposed a vulnerabil­ity we didn’t know was there.”

The breach happened two days after a new nurse licensing system launched April 25. Health officials became aware April 30 and shut the system down for five days.

City officials haven’t found evidence that anyone else was able to access the nurses’ private informatio­n, Lalley said.

Newspapers in English

Newspapers from United States