Hackers get thousands of government workers' info from Healthways subcontractor

Firm: No medical, Social Security numbers stolen

Personal information on more than 60,000 government employees who participated in Tennessee’s employee health screenings may be at risk for identity theft, according to state officials.

An unknown source hacked into Onsite Health Diagnostics’ computer system earlier this year, according to spokeswoman Lisa MacKenzie. Information such as the name, date of birth, address, email address, phone number and gender of roughly one in five state workers was accessible in the breach, according to Texas-based Onsite, a company hired by the state’s wellness contractor, Healthways.

Details like Social Security numbers, employee IDs or medical information were not obtainable, OnSite said in a letter to affected employees dated Aug. 8.

The breach was discovered April 11 and traced back to having happened as early as Jan. 4, OnSite officials told Healthways. While the company has received no related reports of identity theft, the organization is offering workers a year of free identity theft protection services through the firm ID Experts. 

OnSite took two months to report the incident to Healthways after launching a third-party investigation with national security and computer forensic experts that determined an information table on the company’s since-abandoned 2013 computer system was accessed, according to Joan Williams, the state's Department of Finance and Administration's spokeswoman. Healthways informed state officials on June 10, shortly after being informed of the breach by OnSite.

About 275,000 people use the state’s health plan, including state employees, workers in higher education and some local school and government employees, Williams said in an email. OnSite sent the letter to 60,582 of the state’s health plan members. Tennessee is in the middle of a five-year contract with Franklin-based Healthways, according to Williams.