Information Security News
mailing list archives
Lost USB drive source of breach for Utah Medicaid patients
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 24 Jan 2013 02:15:04 -0600 (CST)
By Editorial staff
Clinical Innovation + Technology
Jan 23, 2013
The Utah Department of Health (UDOH) has begun the process of notifying
approximately 6,000 Medicaid clients that some of their personal information
was misplaced by a third-party contractor. The contractor, Goold Health
Systems, processes Medicaid pharmacy transactions for the UDOH.
In violation of department policy and its contract with the department, a Goold
employee saved personal health information on an unencrypted, portable USB
memory device and then left UDOH headquarters with the device, according to a
release. The employee misplaced the device while traveling between Salt Lake
City, Denver and Washington, D.C. Goold confirmed the data were missing on Jan.
Personal information included in the data is limited to a Medicaid recipient’s
name, Medicaid identification number, age (but not date of birth) and recent
prescription drug use history.
The department is taking steps to protect the affected Medicaid identification
numbers against potential fraudulent use. The Office of the Inspector General
for Medicaid Services has been alerted to the situation and will also be
monitoring for suspicious activity. In addition, the Office of the Health Data
Security Ombudsman will commit its full resources to assisting affected clients
in any way they need.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Lost USB drive source of breach for Utah Medicaid patients InfoSec News (Jan 24)