Another Breach for Utah DOH

Feb. 27, 2013
For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

Back in April, UDOH’s data server was breached. This breach led to the illegal access of 24,000 claims. 

 For the most recent breach, UDOH says the contractor, Goold Health Systems (Augusta, Maine) processes Medicaid pharmacy transactions for the agency. The Goold employee apparently saved personal health information on an unencrypted, portable USB memory device and then left UDOH headquarters with the device.  They then misplaced the device while traveling between Salt Lake City, Denver, and Washington DC. 

“There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal.  Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes,” UDOH Deputy Director and state Medicaid Director Michael Hales, said in a statement.  “Nevertheless, we understand the anxiety this will likely cause, and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

According to UDOH, it is taking steps to protect the affected Medicaid identification numbers against potential fraudulent use. It says, the Office of the Health Data Security Ombudsman will commit its full resources to assisting affected clients in any way they need.  

“I have directed UDOH attorneys to review our contract with Goold Health Systems, and I fully intend to seek whatever financial or contractual remedies are available in order to ensure GHS is held accountable for this serious mistake,” UDOH Executive Director David Patton, M.D., said in a statement.  “Protecting our clients’ personal information is of utmost importance to our department, and it must be the number one priority of our contractors as well.”

Patton also stated that he hopes Goold will discipline the employee and that they will no longer be allowed to work with UDOH data.

Sponsored Recommendations

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...

Quantifying the Value of a 360-Degree view of Healthcare Consumers

To create consistency in how consumers are viewed and treated no matter where they transact, healthcare organizations must have a 360° view based on a trusted consumer profile...