Getty Images

LA Patient Privacy Incident Discloses COVID-19 Vaccine Status 

The vaccination status of thousands of LA County employees was shared online.

An accidental patient privacy event shared online the COVID-19 vaccination status of over 4,000 Los Angeles County Fire Department employees, according to Los Angeles Times report.  

The LA Times report states that a list of 4,900 Los Angeles County Fire Department employees' names and their COVID-19 vaccination status was mistakenly published on a public website. 

“The list of employees and their COVID-19 vaccination data was posted on a privately registered and since deactivated web domain — covid.lacofdems.com — that appears to have been connected to the department’s Emergency Medical Services bureau,” the LA Times report states.  

“The website, whose registrant remains unclear, contained about 4,900 workers’ full names, birthdates, employee numbers and vaccination details, including shot dates, specific dose information and whether employees had declined an injection,” the report states. 

Dave Gillotte, president of the Local 1014, told the LA Times that the union is seeking an investigation into the health data breach.  

The Times published a memo by LA County Fire Chief Daryl Osby in which Osby states that the “unauthorized website had been created on April 29,2021. Upon immediate receipt of this notification the website was removed at 7:36 a.m.”  

In the memo, the chief states that an investigation is under way and cybersecurity incident response protocols were enacted.  

“Before it was taken down, the website’s main page allowed users to submit search queries for names and employee numbers to a database that contained all the workers’ vaccination-related information,” the report states.  

The Times report states that “the interface wasn’t password protected, and a ‘wildcard’ search — one submitted without parameters — revealed all employees’ information in a spreadsheet-like table. In addition, the website allowed users to select an individual worker to see specific dates for first and second doses, along with a code that revealed brands and specific batches of shots.” 

Requests for comment from the LA County Fire Department and the Local 1014 were not answered as of press time.  

Next Steps

Dig Deeper on HIPAA compliance and regulation