The U.S. Postal Service (USPS) has notified approximately 485,000 employees, former employees and retirees who filed for workers’ compensation that their health information may have been exposed by network intruders, according to a report from Nextgov.
Hackers accessed the files during a breach that was first reported by USPS in September, when the organization announced that the intrusion included the Social Security numbers of about 800,000 employees. The 485,000 employees whose medical information was exposed received a notification letter last month, according to the Nextgov report.
The medical data at stake consisted of injury diagnoses and procedure codes, as well as the physical location of the bodily harm, according to the letter, which Nextgov reviewed. "Codes concerning the anatomical location and the nature of the work related injury” were potentially compromised, USPS chief human resources officer Jeffrey Williamson said in the notification letter. The data also included codes for medical, surgical and diagnostic services that were used for billing.
According to the report, the agency does not face health data security fines or Health and Human Services Department breach notification violations, because the data was not part of an insurance plan.