[BreachExchange] Arkansas Info Breach for 26K on Medicaid

Audrey McNeil audrey at riskbasedsecurity.com
Fri Sep 15 14:01:50 EDT 2017


http://www.arkansasmatters.com/news/local-news/arkansas-info-breach-for-26k-on-medicaid/811920842

The Arkansas Department of Human Services (DHS) has determined that
spreadsheets with personal and health information for some Medicaid
beneficiaries were emailed to an employee’s home email address,
constituting a breach of information as described in state and federal law
and DHS policy.

After manually counting and sorting names to identify duplicates, DHS found
that there were 26,044 unique names of Medicaid beneficiaries on the
spreadsheets with linked Medicaid identification numbers, some social
security numbers and codes for medical procedures that beneficiaries
underwent.

“We at DHS want to make sure beneficiaries are aware of this situation,
understand what happened and know the steps we are taking to ensure
something like this doesn’t happen again,” said DHS Director Cindy
Gillespie. “The privacy of beneficiaries is important to us, and we take
this situation very seriously.”

The emailed spreadsheets were discovered as attorneys prepared to represent
DHS in court against a wrongful termination lawsuit. The DHS privacy
officer was notified by attorneys of the emails and reviewed the materials
to determine the scope of the breach.

DHS is sending a letter to affected beneficiaries, and all DHS employees
have been reminded about the responsibility DHS has to protect beneficiary
information.

Gillespie noted that all DHS employees undergo security and privacy
training and cannot gain internet access at work until they pass a test on
what they were taught. The training includes the prohibition of emailing
confidential information outside the scope of a person’s job. DHS is
working with attorneys to recover the spreadsheets and has contacted the
Pulaski County Prosecuting Attorney’s office to pursue criminal charges and
prosecution.

The DHS Office of Security, Compliance and Integrity will review the
situation to determine whether there are additional steps DHS can take
to ensure this does not happen again.