If the Republican primary for Governor was held today, who would you vote for?
State Senator Dallas Heard
Salem Oncologist Bud Pierce
State Representative Bill Post
Sandy Mayor Stan Pulliam
Clackamas County Commissioner Tootie Smith
Northwest Observer
Subscribe for Free Email Updates
Search Articles
The OHA Has Your Vaccine Information. What Could Possibly Go Wrong?
The state had a breach in health data a couple of years ago

As the debate over vaccine passports rages and a cold war between retail businesses and state COVID-19 enforcement officials brews, citizens -- even those who are grateful to get the vaccine -- are starting to question the need for the Oregon Health Authority to collect and store data on their vaccination status.

It's pretty clear from the form to request a duplicate vaccination status card that the OHA has collected information that could be a significant threat in the case of an identity theft incident.

Two years ago, the Department of Human Services had a breach in which hundreds of thousands of records containing highly sensitive identity information was compromised. The DHS released a statement, required by law, describing the breach.

On January 28, 2019 DHS and Enterprise Security Office Cyber Security team confirmed that a breach of regulated information had occurred. Nine individual employees opened a phishing email and clicked on a link that compromised their email mailboxes and allowed access to these employees’ email information. Current information indicates on January 8th, a spear phishing email was sent to DHS employees. Through our process of discovery, we learned that there were nearly 2 million emails in those email mailboxes.

The unauthorized access to the affected email mailboxes was successfully stopped. DHS is in the process of thoroughly reviewing the incident and the information involved. This investigation includes clarifying the number of impacted records that might contain personal information of clients receiving services from DHS.

Clients’ Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA) was accessible to an unauthorized person. Client information may include first and last names, addresses, dates of birth, Social Security numbers, case number and other information used to administer DHS programs.

For some, this is just another argument against vaccine passports and the like, in which the government maintains control of the data.

Photo by Markus Spiske on Unsplash

--Staff Reports

Post Date: 2021-05-21 15:06:25Last Update: 2021-05-21 17:11:09

Read More Articles