[BreachExchange] State health employees fired after giving data to lawmakers

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 14 20:25:22 EDT 2016


http://www.chicagotribune.com/lifestyles/health/sns-bc-mt--records-breach-20160714-story.html

Montana health officials fired two state employees for turning over
personal information, including Social Security numbers, of scores of
childcare providers to three state legislators, according to documents and
interviews with people involved in the terminations.

Montana Department of Public Health and Human Services officials recently
confirmed that the employment of the two workers was terminated last fall
after internal checks discovered the unauthorized release.

The data included personal information of 185 childcare providers taking
part in an early childhood service program, according to letters sent by
department director Richard Opper in February and March to the three
legislators.

Copies of the letters were obtained by The Associated Press and confirmed
by health department officials.

"It's a very serious issue," said department spokesman Jon Ebelt. "It's a
violation of public trust."

A former auditor with the agency, David Hansen, confirmed during an
interview that he was fired in November. He was identified in Opper's
letter as the source of the information given to the legislators. The other
employee's identity has not been released.

Hansen is contesting his firing through his union, he told the AP. He
declined to answer questions about the data other than to say he turned it
over after the legislators requested it from him.

Chris Gallus, an attorney for Burnett, R-Bozeman, disputed Hansen's account.

"He provided information that we did not request from him, and (the
information) had already been disposed of before the department made any
inquiry," Gallus said.

Opper told Burnett, Webb and Keenan in his letters to them to immediately
destroy the documents. He also requested that the lawmakers send him a list
of other documents provided by Hansen, as well as a list of people with
whom the information might have been shared.

Keenan denied receiving any personal data and said he ignored Opper's
letter.

"He has no authority over me. He's not director of the state Senate. So I
just blew it off," Keenan said Wednesday.

Webb, R-Billings, said he told Opper in a phone call that the claims in
Opper's letter were unfounded, but would not say whether he received
information from the former state employee.

"I've got lots of information that is not public record from the
department," Webb said. He declined to elaborate.

Officials could not immediately say what value the information might have
for the legislators, who are among a group of Republican lawmakers
scrutinizing the agency's programs and spending, particularly the state's
Medicaid expansion program.

"It's unfortunate that legislators who opposed Medicaid expansion are
attempting to exploit information they never should have received in the
first place," Opper said in a statement.

The agency said it informed childcare providers that their personal
information had been divulged and they were offered credit protection
services.

Republican lawmakers are pressing the state for information about Medicaid
enrollees, including income data that they say could clarify the state's
financial obligations because of Medicaid expansion.

On Monday, Burnett, Webb and Rep. Art Wittich, R-Bozeman, sued the
department for information about people signing up for the program under
the state's Medicaid expansion program. All three have been concerned about
possible fraud and have sought government records to buttress their claims.

Medicaid provides health insurance to low-income residents. A divided
legislature last year expanded eligibility qualifications for the program.
Since new eligibility rules went into effect earlier this year, more than
44,000 low-income Montanans have enrolled under the new guidelines.

Copyright 2016 The Associated Press. All rights reserved. This material may
not be published, broadcast, rewritten or redistributed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160714/003a0e8c/attachment.html>


More information about the BreachExchange mailing list