Utah Medicaid patients affected by second breach in year

Share this article:

An unencrypted USB device containing the sensitive information of 6,000 Utah Medicaid recipients has gone missing – making it the second breach to affect the Utah Department of Health (UDOH) in a year.

How many victims? 6,000.

What type of personal information? Names, ages, Medicaid identification numbers, and recent history of prescription drug use.

What happened? Last Thursday, an employee for Augusta, Maine-based contractor Goold Health Systems (GOH), which processes Medicaid pharmacy transactions for UDOH, lost a USB device while traveling among Salt Lake City, Denver and Washington, D.C. 

What was the response? The Office of the Inspector General for Medicaid Service will monitor any suspicious activity involving Medicaid enrollees. The Office of the Health Data Security Ombudsman will be responsible for helping victims, who will also receive notification letters from UDOH over the next several days.

Details: The employee saved the data to a USB drive after having issues uploading a report to a secure file server.

In another incident last April, hackers breached a UDOH server and stole sensitive information of around 780,000 Medicaid recipients and Children's Health Insurance Program participants, which led to the firing of the head of Utah's Department of Technology Services Stephen Fletcher. About 280,000 Social Security numbers also were accessed in the breach.

Quote: “We believe the potential risk for identity theft [due to the latest breach] is minimal,” Utah Medicaid Director Michael Hales said Wednesday in a statement. “Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes. Nevertheless, we understand the anxiety this will likely cause and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

Source: www.sltrib.com, The Salt Lake Tribune, "Utah's Medicaid loses control of patient records, again," Jan. 16, 2013.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.