“We deeply regret the inadvertent exposure of personal health information on our website,” said Thomas Farley, Philadelphia’s health commissioner. “We will conduct a thorough investigation of this incident, attempt to determine if any confidential information was accessed by others, take appropriate corrective actions, and do everything we can to protect the privacy and security of personal information.”
The department did not say whether it planned to notify all whose records were exposed. A city spokesperson said they were still investigating the scope of the incident and “cannot comment on specific actions” until more is learned.
By Nathaniel Lash
Information Security Media Group
In a statement provided on Monday to Information Security Media Group, the Philadelphia department of public health says it was notified on Oct. 11 that personal health information was available for download on one of the departments webpages. “The information was removed immediately. Since that time, the health department had been working with the vendor and city officials to find out what data was potentially exposed, how many people’s records were exposed, and what actions are required be done in response to the exposure,” the statement says.
By Marianne Kolbasuk McGee