Employee stole data on 230,000 Medicaid recipients
Just a few weeks after a massive data breach affecting hundreds of thousands of people in Utah’s Medicaid system, a breach in another state’s Medicaid office has been discovered. Both incidents highlight the threats negligent and malicious employees can pose to patients’ data security.
The South Carolina Department of Health and Human Services (SCDHHS) discovered a data breach while conducting a performance review, the agency said in a statement. The breach may affect an estimated 228,435 Medicaid recipients.
The data theft was carried out by an agency employee, who emailed the recipients’ personal information to his own personal email account. The information taken didn’t include any medical records, but did contain names, addresses, phone numbers, birth dates and Medicaid ID numbers.
After the incident was discovered, SDSHHS fired the employee for violating its privacy policies and notified law enforcement. It isn’t known what the employee planned to do with the data.
The Utah Medicaid breach, which exposed sensitive information on approximately 780,000 individuals, may also be blamed on the important human element of information security. Though specific details weren’t given, the Utah Department of Technology Services said the breach was caused by a “configuration error” on the machine holding the data. Apparently, an employee put a server online without setting its security properly.
- Hospital employee posts patient’s name and medical info on Facebook
- Hard drive theft leads to $1.5 million fine for privacy violations
- Ex-employee posts patient photo on Facebook, gets charged with privacy violation
- Experts predict more lawsuits, data breaches against healthcare providers in 2012
- Who’s liable after patient data is breached?
Below are a few free resources you may find useful.