[BreachExchange] CA agency reports ADAP data breach

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 27 19:28:55 EDT 2017


http://www.ebar.com/news/article.php?sec=news&article=72556

Officials with California's public health department have said that data on
dozens of people who rely on the state's AIDS Drug Assistance Program was
breached.

The agency's Office of AIDS said in its monthly report for April that it's
"identified 93 ADAP clients whose information in the AJ Boggs portal was
likely inappropriately accessed by an unknown individual (or individuals)
who were not authorized to access the information between July and November
2016."

Although the number of affected clients is relatively small – ADAP, which
helps people get access to the medications they need to stay alive, has
29,000 clients in California – the revelation comes as the health
department continues trying to fix other problems with the system.

Boggs had been awarded the contract to oversee ADAP eligibility enrollment
beginning in July 2016, and trouble started soon after that. The state
terminated its contract with Boggs effective March 31. Concerns had
included clients wrongfully being dropped from the system and losing access
to medications.

The health department's report says that it became aware of the breach "on
February 7, 2017, mailed breach notification letters to these clients on
April 6, 2017, and is providing one year of credit monitoring to these
individuals."

As the agency's addressed the breach, it's also been focusing on other
parts of the ADAP program.

Magellan, another contractor that's been working with the health
department, "will continue to provide real-time 24/7 access to medications,
including a 30-day supply for existing clients who experience access issues
at the pharmacy," the health department report says.

Spokespeople for the agency didn't respond to emailed questions about the
data breach and other ADAP issues. Boggs CEO Clarke Anderson didn't respond
to an interview request Wednesday morning.

Courtney Mulhern-Pearson, director of state and local policy at the San
Francisco AIDS Foundation, said she hasn't heard of clients still
experiencing trouble with enrollment and eligibility.

"The office had extended eligibility through the end of June, so any
existing clients shouldn't have any problems anyway," Mulhern-Pearson said,
adding, "I think there are technical issues they're working out with the
system, but it so far appears like the system works better. We won't really
know until" people's eligibility determinations happen.

Mulhern-Pearson said she'd like for the Office of AIDS to put "an ongoing
list" of what it's working on and the status of its work online.

She also said that 94 clients' data had been breached, one more than the
office reported.

"I have not come across anyone who was among those clients," she said.

The Office of AIDS also announced in its report that Sandra Robinson has
been named ADAP branch chief. Robinson, who started April 17, most recently
served as the chief of Healthy Aging Programs with the state's Chronic
Disease Control Branch.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170427/a9ee804d/attachment.html>


More information about the BreachExchange mailing list