Delaware OMB Reveals Consultant’s Security Breach

by Dave on August 30, 2010

The Office of Management and Budget’s (OMB) Division of Statewide Benefits’ consultant, Aon Consulting, has mailed letters to approximately 22,000 State of Delaware retirees informing them that Aon inadvertently included Social Security Numbers, gender information and dates of birth in a Request for Proposal (RFP) the company prepared for the State. This information was posted to the procurement section of the state website for five days before state staff discovered and removed it.

Aon Consulting, based out of Chicago, Ill., provides services to the State of Delaware for health and benefit programs.

This document did not include retiree names or current state employee information.

Aon Consulting had prepared an RFP for the State of Delaware to solicit bids from insurance companies interested in providing vision benefits to employees and retirees of the State. The RFP was posted to the procurement section of the state website to allow interested bidders access to the proposal document (the normal course of business for a public entity, such as the State of Delaware). The document included the above-mentioned information.

OMB, along with representatives from the Delaware Department of Technology and Information, the Office of the Attorney General and the State Pension Office, is overseeing the steps Aon is taking to support persons affected by this incident and prevent future incidents of this nature.

This incident response is also governed by the federal Health Insurance Portability and Accountability Act (HIPAA) regulations, so Aon Consulting is taking the following actions:
• Aon Consulting will contact each affected individual with a letter informing them of the incident and credit protection steps moving forward.
• Aon Consulting will post public notices in states where there are more than 500 affected individuals.
• Notification will be provided to the U.S. Department of Health and Human Services of the security incident.

While HIPAA regulations provide that these actions occur within 60 days, OMB has confirmed these actions will be complete by the end of the week.

Aon Consulting will also provide one year of free credit monitoring through Experian, a leading global credit monitoring company. Aon Consulting has also set up a customer care toll-free line at 866-623-6047. The phone lines will be open from Monday to Friday, 8am – 8pm.

Aon’s letters to potentially affected retirees will further detail the situation and outline instructions to access the Experian services to put a fraud alert on their files.

release from Delaware OMB

