
Colorado’s OIT notifies 3,000 residents of data breach


Colorado's Office of Information Technology (OIT) is notifying more than 3,000 residents that a technical error resulted in letters containing their personal information being mailed to the wrong address.

How many victims? More than 3,000.

What type of personal information? Letters meant for 1,622 Medicaid recipients included names, addresses, state identification numbers, Medicaid case numbers, names of family members in a household, employer names, income from that employer, amount of an Advanced Premium Tax Credit (APTC), and whether the individuals were approved or denied for several medical assistance programs, such as Medicaid and Child Health Plan Plus (CHP+). For fewer than fifty of those individuals, dates of birth were also included.

Correspondence meant for 1,069 Colorado Department of Human Services (CDHS) clients included Social Security numbers, and letters meant for an additional 353 CDHS clients included names, addresses and state identification numbers.

What happened? Due to a technical error, letters containing personal information were mailed to the wrong address.

What was the response? The issue has been fixed, and additional quality checks are being implemented to ensure a similar situation does not occur in the future. All impacted individuals are being notified, and credit monitoring services are being made available to people whose medical information or Social Security numbers were exposed.

Details: The technical error occurred between May 25 and July 5. The letters were meant for more than 3,000 Medical Assistance, Food Assistance, Adult Financial and Colorado Works households.

Quote: “The error occurred during a technical code change made by a vendor in late May which impacted fields of information in an unanticipated manner,” a release sent to on Thursday said. “The initial problem was reported to OIT on July 1. After determining the problem was wider spread, a fix was put into place July 5.”

Source: a news release emailed to on Thursday, “STATE NOTIFIES MEDICAID MEMBERS OF HIPAA BREACH,” Aug. 17, 2015.
