WASHINGTON (WJLA) —
A nurse tells 7 On Your Side and Call For Action she was horrified to discover a government web site exposed her name, address and social security number to others… and could have done the same to 600 other nurses.
Nurses just like Alexia Park can log onto the DC Department of Health’s website and renew their license. It’s takes only minutes and is supposed to be a secure website… turns out it wasn’t.
“They had inadvertently released all of my personal information including my Social Security Number to the public,” says Park.
Weeks later the Department of Health sent this letter to 600 nurses who recently renewed their license thru the website. It mentions a security incident and personal information went public.
“It was shocking to say the least and I felt like it didn’t feel very sincere and I didn’t feel like there was a whole lot of accountability or responsibility,” adds Park.
The I-Team did some digging and discovered the DC Health Department’s website wasn’t hacked. The security breach was done by one nurse who was a registered user who accessed a part of the system that the District didn’t expect anyone to be able to view.
Private information involving seven nurses was accessed.
“I was horrified and I was scared. I felt absolute fear like oh my goodness what is going to happen to me now,” says Park.
DC Department of Health Director Doctor LaQuandra Nesbitt declined to answer our questions on camera but the Department did email:
The DC Department of Health takes its responsibility to protect private and sensitive information very seriously, which is why we acted immediately when we discovered an unauthorized disclosure. We have fully investigated this incident and continue to take steps to lessen any potential harm to our residents.
Those steps include all 600 nurses receiving 12 months of identity theft protection including credit monitoring and a $5,000,000 insurance reimbursement policy. Park is asking for 10 years of protection.
“When I went on the website it said it was very secure. There was a notice posted there. I trusted that… it obviously was not,” adds Park.
The nurse who accessed the private information is not facing any criminal charges and no District employee is being disciplined for the security breach. D.C. officials say this is the only security breach it has discovered in the past year.