Arrest in S.C. Medicaid Info Breach

State Worker Allegedly Took Information on 228,000 Patients
Arrest in S.C. Medicaid Info Breach

A former South Carolina state employee has been arrested for allegedly transferring personal information about more than 228,000 Medicaid recipients to his personal e-mail account.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

The information inappropriately transferred in the breach incident, according to the South Carolina Department of Health & Human Services, includes names, phone numbers, addresses, birth dates and Medicaid ID numbers. For almost 23,000 of the affected patients, Medicare numbers, which contain Social Security numbers, also were transferred. No private medical records or financial information was involved, authorities say. Nevertheless, the state is offering all those affected a year's worth of free identity protection services.

The former state worker has been charged with five counts of Medically Indigent Act confidentiality violations and one count of disclosure of confidential information, according to WMBF News.

A statement on the Department of Health and Human Services website acknowledges that the employee involved in the inappropriate transfer of information was fired.

Security Lapse

Tony Keck, department director, told WMBF that the transfer of information started in January and ended three weeks ago. "The information was not readily available, but it was available to him [the employee] through a normal reporting process, and that's where we've identified a security lapse that the department was not sufficiently requiring employees to justify their need for that information," Keck says. "That is a fairly easy lapse to close and we've done that."

The state health department has hired an external IT security firm to conduct a risk assessment of its data and IT systems security, according to the department's statement.

In another recent security incident involving Medicaid patients, as many as 780,000 Utah residents were affected when hackers accessed data on a state server.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.