Lost USB drive source of breach for Utah Medicaid patients

[InfoSec News <alerts () infosecnews org>]

http://www.clinical-innovation.com/topics/privacy-security/lost-usb-drive-source-breach-utah-medicaid-patients

By Editorial staff
Clinical Innovation + Technology
Jan 23, 2013

The Utah Department of Health (UDOH) has begun the process of notifying 
approximately 6,000 Medicaid clients that some of their personal information 
was misplaced by a third-party contractor. The contractor, Goold Health 
Systems, processes Medicaid pharmacy transactions for the UDOH.

In violation of department policy and its contract with the department, a Goold 
employee saved personal health information on an unencrypted, portable USB 
memory device and then left UDOH headquarters with the device, according to a 
release. The employee misplaced the device while traveling between Salt Lake 
City, Denver and Washington, D.C. Goold confirmed the data were missing on Jan. 
15.

Personal information included in the data is limited to a Medicaid recipient’s 
name, Medicaid identification number, age (but not date of birth) and recent 
prescription drug use history.

The department is taking steps to protect the affected Medicaid identification 
numbers against potential fraudulent use. The Office of the Inspector General 
for Medicaid Services has been alerted to the situation and will also be 
monitoring for suspicious activity. In addition, the Office of the Health Data 
Security Ombudsman will commit its full resources to assisting affected clients 
in any way they need.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org