[ISN] 2 Medicaid Data Breaches, 1 Weak Link: Employees

From: InfoSec News <alerts_at_private>
Date: Wed, 25 Apr 2012 00:53:08 -0500 (CDT)
http://www.informationweek.com/news/healthcare/security-privacy/232900817

By Ken Terry
InformationWeek
April 24, 2012

For the second time in less than a month, there has been a major data 
security breach at a state Medicaid agency. The South Carolina 
Department of Health and Human Services (SCDHHS) discovered on April 10 
that an employee of the state's Medicaid program had transferred 
personal information of 228,435 Medicaid beneficiaries to his personal 
email account.

After the department detected the transfers, it contacted the state law 
enforcement agency. The employee was terminated, and the affected 
individuals were notified of the security breach. Christopher Lykes Jr. 
of Swansea, Ga., has been arrested and charged with the offense, 
according to South Carolinian website The State.com.

Just a few weeks ago, hackers broke into a server at the Utah Department 
of Technology Services and stole Medicaid records of 780,000 people. Of 
those, about 280,000 had their Social Security numbers compromised. 
Less-sensitive personal information on an additional 500,000 
individuals, including names, addresses, dates of birth, and diagnostic 
codes, also was stolen.

In the South Carolina case, the compromised records had patient names, 
phone numbers, addresses, birth dates, and Medicaid ID numbers, but no 
private medical records or financial information. In 22,604 cases, the 
records included Medicare numbers that contained Social Security 
numbers.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Received on Tue Apr 24 2012 - 22:53:08 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 24 2012 - 22:53:02 PDT