Network Security, Security Strategy, Plan, Budget

Penn. Medicaid recipients’ information on missing flash drive

Two health insurers said a flash drive containing the personal health information of hundreds of thousands of Pennsylvania Medicaid recipients has gone missing.

How many victims? 280,000.

What type of personal information? Names, addresses and other health data.

What happened? AmeriHealth Mercy and Keystone Mercy Health Plan, both of which are Medicaid managed plan providers, said the drive was discovered missing from the companies' corporate offices on Sept. 20. The same drive was also used at community health fairs.

The companies have not disclosed whether the computer drive was encrypted.

Details: The last four digits of 801 members' Social Security numbers were also contained on the drive, along with full Social Security numbers of seven members.

There have not been any reports of misuse of the information stored on the drive.

Keystone Mercy Health Plan provides insurance to 300,000 Medicaid members in Pennsylvania, and AmeriHealth serves 100,000 in the state. The breach, which involves nearly two-thirds of the insurers' subscribers, represents one of the largest incidents involving health data loss in recent memory.

Quote: "We deeply regret this unfortunate incident," said Jay Feldstein, president of the managed care plans for both insurers.

What was the response? The breach was reported to the state Department of Public Welfare. In addition, the companies have been working to notify affected individuals and evaluate and improve their security measure so that a similar incident does not again occur.

Source:, Philadelphia Inquirer, “Medical-data breach said to be major,” Oct. 21, 2010.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.