Utah Medicaid patients affected by second breach in year

Share this article:

An unencrypted USB device containing the sensitive information of 6,000 Utah Medicaid recipients has gone missing – making it the second breach to affect the Utah Department of Health (UDOH) in a year.

How many victims? 6,000.

What type of personal information? Names, ages, Medicaid identification numbers, and recent history of prescription drug use.

What happened? Last Thursday, an employee for Augusta, Maine-based contractor Goold Health Systems (GOH), which processes Medicaid pharmacy transactions for UDOH, lost a USB device while traveling among Salt Lake City, Denver and Washington, D.C. 

What was the response? The Office of the Inspector General for Medicaid Service will monitor any suspicious activity involving Medicaid enrollees. The Office of the Health Data Security Ombudsman will be responsible for helping victims, who will also receive notification letters from UDOH over the next several days.

Details: The employee saved the data to a USB drive after having issues uploading a report to a secure file server.

In another incident last April, hackers breached a UDOH server and stole sensitive information of around 780,000 Medicaid recipients and Children's Health Insurance Program participants, which led to the firing of the head of Utah's Department of Technology Services Stephen Fletcher. About 280,000 Social Security numbers also were accessed in the breach.

Quote: “We believe the potential risk for identity theft [due to the latest breach] is minimal,” Utah Medicaid Director Michael Hales said Wednesday in a statement. “Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes. Nevertheless, we understand the anxiety this will likely cause and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

Source: www.sltrib.com, The Salt Lake Tribune, "Utah's Medicaid loses control of patient records, again," Jan. 16, 2013.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.