Utah Medicaid patients affected by second breach in year

Share this article:

An unencrypted USB device containing the sensitive information of 6,000 Utah Medicaid recipients has gone missing – making it the second breach to affect the Utah Department of Health (UDOH) in a year.

How many victims? 6,000.

What type of personal information? Names, ages, Medicaid identification numbers, and recent history of prescription drug use.

What happened? Last Thursday, an employee for Augusta, Maine-based contractor Goold Health Systems (GOH), which processes Medicaid pharmacy transactions for UDOH, lost a USB device while traveling among Salt Lake City, Denver and Washington, D.C. 

What was the response? The Office of the Inspector General for Medicaid Service will monitor any suspicious activity involving Medicaid enrollees. The Office of the Health Data Security Ombudsman will be responsible for helping victims, who will also receive notification letters from UDOH over the next several days.

Details: The employee saved the data to a USB drive after having issues uploading a report to a secure file server.

In another incident last April, hackers breached a UDOH server and stole sensitive information of around 780,000 Medicaid recipients and Children's Health Insurance Program participants, which led to the firing of the head of Utah's Department of Technology Services Stephen Fletcher. About 280,000 Social Security numbers also were accessed in the breach.

Quote: “We believe the potential risk for identity theft [due to the latest breach] is minimal,” Utah Medicaid Director Michael Hales said Wednesday in a statement. “Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes. Nevertheless, we understand the anxiety this will likely cause and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

Source: www.sltrib.com, The Salt Lake Tribune, "Utah's Medicaid loses control of patient records, again," Jan. 16, 2013.
Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Seattle University donor checks possibly exposed due to settings error

Seattle University is notifying an undisclosed number of donors that anyone with a Seattle University computer account could have viewed scanned checks.

Laptop stolen from Self Regional Healthcare contained patient data

As least 500 patients of Self Regional Healthcare have been notified that their personal information was on a laptop stolen from a Self Regional facility.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.