Exploit: Accidental Data Sharing
Delaware Division of Public Health: State Health Agency
Risk to Small Business: 2.311 = Severe The Delaware Division of Public Health announced that in mid-September, a temp sent two emails containing COVID-19 test results for approximately 10,000 individuals to the wrong party. The August 13, 2020, email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020, email included test results for individuals tested on August 15, 2020. Investigators have determined that these emails were sent by mistake, as the information was supposed to be sent to a member of the call center staff to assist individuals in obtaining their test results.
Individual Risk: 2.824 = Moderate The information mistakenly released in this foul-up included the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result.
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Human error remains the number one cause of a data breach.
Security awareness training is the most effective way to prevent unfortunate employee errors.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
