A Cuyahoga County man said he stumbled upon a data breach involving medical records filed by the Ohio Bureau of Workers' Compensation.
The man, who did not want to be identified, said he filed a claim with the department. When he logged onto the state BWC website and entered his personal claim number in order to view his medical records, he found out two documents belonging to other patients had been filed into his account.
One of the documents included a patient’s full name, his doctor’s name, his ailment and diagnosis.
“The medical facility I did not know about until now, after googling it,” the injured worker said. "The patient is not me and the physician I have never heard of up until now.”
The man showed me documents proving he hurt his leg on the job in 2015. He’s now on disability and said he decided to talk to a reporter instead of contacting the state, fearing retaliation from a future employer.
“I don’t fear retaliation from my current employer, however, if I were ever to get a job in the future, nobody would hire the person who made their BWC rate go up because they needed another agency to audit them,” he said.
Ohio Bureau of Workers' Compensation spokesman Bill Teets said the agency investigated after newsnet5.com notified them. Teets said that investigation found no security lapses. He added the filing could have been human error.
He estimated documents are incorrectly filed about 300-400 times a year, in an office that files about 26 million documents a year. Teets also said the injured worker should not be afraid of future retaliation because future employers would not have access to his claim.
But the injured worker is worried human error meant his private information could pop up on someone else’s screen.
“It’s not about pointing fingers and saying you’re wrong. Just fix it,” he said. "There’s no monetary gain for me. I’m not looking to write a book. I just want this fixed."
Download the newsnet5 app: