OPM Hack Affects 21.5M, Includes Individuals’ Health Info | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

OPM Hack Affects 21.5M, Includes Individuals’ Health Info

July 13, 2015
by Rajiv Leventhal
| Reprints

Last week, the U.S. Office of Personnel Management (OPM) announced that 21.5 million individuals’ personal information was compromised during an attack of the agency's security clearance database—an incident that includes individuals’ health history and is related to a previous cyber attack on the agency.

In early June, OPM, an independent agency of the U.S. government that manages the civil service of the federal government, acknowledged a major breach had occurred, affecting background investigation records for current and former federal employees. The suspected China-based hackers breached OPM computers, stealing records of as many as four million current and former federal employees in one of the largest breaches of government personnel data. At the time, OPM only disclosed that the personnel records of 4.2 million current and former federal employees had been compromised.

OPM says this new incident is separate, but related to the previous one. Following the conclusion of the forensics investigation on the first incident, OPM determined that the types of information in those stolen records included identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints.  Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen. The affected database contains copies of Standard Form 86, a questionnaire filled out by applicants for national security positions. The forms can include health data.

Now, OPM has concluded that sensitive information of 21.5 million individuals was stolen from the background investigation databases. With the 4.2 million people affected by the first breach, and 21.5 million included in an OPM repository of security clearance files, about 3.6 million of those affected were in both systems, an overlap that accounts for the 22.1 million in total, according to a Washington Post report.  

If an individual underwent a background investigation through OPM in 2000 or afterwards, it is highly likely that the individual is impacted by this cyber breach, the agency said. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.