BreachExchange mailing list archives

2 Medicaid Data Breaches, 1 Weak Link: Employees


From: security curmudgeon <jericho () attrition org>
Date: Wed, 25 Apr 2012 00:53:53 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/healthcare/security-privacy/232900817

By Ken Terry
InformationWeek
April 24, 2012

For the second time in less than a month, there has been a major data 
security breach at a state Medicaid agency. The South Carolina Department 
of Health and Human Services (SCDHHS) discovered on April 10 that an 
employee of the state's Medicaid program had transferred personal 
information of 228,435 Medicaid beneficiaries to his personal email 
account.

After the department detected the transfers, it contacted the state law 
enforcement agency. The employee was terminated, and the affected 
individuals were notified of the security breach. Christopher Lykes Jr. of 
Swansea, Ga., has been arrested and charged with the offense, according to 
South Carolinian website The State.com.

Just a few weeks ago, hackers broke into a server at the Utah Department 
of Technology Services and stole Medicaid records of 780,000 people. Of 
those, about 280,000 had their Social Security numbers compromised. 
Less-sensitive personal information on an additional 500,000 individuals, 
including names, addresses, dates of birth, and diagnostic codes, also was 
stolen.

In the South Carolina case, the compromised records had patient names, 
phone numbers, addresses, birth dates, and Medicaid ID numbers, but no 
private medical records or financial information. In 22,604 cases, the 
records included Medicare numbers that contained Social Security numbers.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
