We're Building A Better Tri-State Together
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
Deaconess nurse Craig Meier gets one of the first doses of the Pfizer-BioNTech vaccine delivered to the Tri-State.2020...and now 2021 will go down in history- its full impact is still being written. Here is WNIN, IPBS and Side Effects complete coverage.

IDOH: Contact Tracing Data Improperly Accessed, Risk “Low’ For 750K Affected

The Indiana Department of Health will notify nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed. The data included name, address, email, date of birth and demographic information collected during contact tracing.

The Indiana Department of Health will notify nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed.

In a statement, State Health Commissioner Dr. Kris Box said the risks to those affected are low because IDOH does not collect Social Security information as part of contact tracing.

State officials said the company that accessed the data looks for software vulnerabilities and then reaches out to drum up business. They said the software issue has been corrected, and the company told the state the data was not released to any other entity and was destroyed. 

Apu Kapadia is a professor in IU’s Department of Computer Science. He said this part of the state’s release concerns him.

"The release also talks about data being returned," Kapadia said. "What does it mean to return data? You already have the data. They could have just deleted it."

The data breach included name, address, email, date of birth and demographic information collected during contact tracing. Kapadia says with that information, a social security number isn’t always necessary to access someone’s online accounts.

"You don’t always have to have the social security number if you have so much personal information,"Kapadia said. "You can sometimes reconstruct the social security numbers.”

The state will send letters to those affected by the breach and provide one year of free credit monitoring.

Kapadia said breaches to large businesses or other organizations are not uncommon, and says it’s part of taking part in digital commerce.

He added this is why people should be vigilant and check their bank statements and watch their emails and physical mail carefully.

READ MORE: How Is Indiana Distributing COVID-19 Vaccines? Here's What You Need To Know

Join the conversation and sign up for the Indiana Two-Way. Text "Indiana" to 73224. Your comments and questions in response to our weekly text help us find the answers you need on COVID-19 and other statewide issues.

Contact Lauren at lchapman@wfyi.org or follow her on Twitter at @laurenechapman_.

Related Content