BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Lost USB drive source of breach for Utah Medicaid patients

From: security curmudgeon <jericho () attrition org>
Date: Thu, 24 Jan 2013 02:24:45 -0600 (CST)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.clinical-innovation.com/topics/privacy-security/lost-usb-drive-source-breach-utah-medicaid-patients

By Editorial staff
Clinical Innovation + Technology
Jan 23, 2013

The Utah Department of Health (UDOH) has begun the process of notifying 
approximately 6,000 Medicaid clients that some of their personal 
information was misplaced by a third-party contractor. The contractor, 
Goold Health Systems, processes Medicaid pharmacy transactions for the 
UDOH.

In violation of department policy and its contract with the department, a 
Goold employee saved personal health information on an unencrypted, 
portable USB memory device and then left UDOH headquarters with the 
device, according to a release. The employee misplaced the device while 
traveling between Salt Lake City, Denver and Washington, D.C. Goold 
confirmed the data were missing on Jan. 15.

Personal information included in the data is limited to a Medicaid 
recipient?s name, Medicaid identification number, age (but not date of 
birth) and recent prescription drug use history.

The department is taking steps to protect the affected Medicaid 
identification numbers against potential fraudulent use. The Office of the 
Inspector General for Medicaid Services has been alerted to the situation 
and will also be monitoring for suspicious activity. In addition, the 
Office of the Health Data Security Ombudsman will commit its full 
resources to assisting affected clients in any way they need.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: