Healthcare News & Insights

Employee stole data on 230,000 Medicaid recipients

Just a few weeks after a massive data breach affecting hundreds of thousands of people in Utah’s Medicaid system, a breach in another state’s Medicaid office has been discovered. Both incidents highlight the threats negligent and malicious employees can pose to patients’ data security. 

The South Carolina Department of Health and Human Services (SCDHHS) discovered a data breach while conducting a performance review, the agency said in a statement. The breach may affect an estimated 228,435 Medicaid recipients.

The data theft was carried out by an agency employee, who emailed the recipients’ personal information to his own personal email account. The information taken didn’t include any medical records, but did contain names, addresses, phone numbers, birth dates and Medicaid ID numbers.

After the incident was discovered, SDSHHS fired the employee for violating its privacy policies and notified law enforcement. It isn’t known what the employee planned to do with the data.

The Utah Medicaid breach, which exposed sensitive information on approximately 780,000 individuals, may also be blamed on the important human element of information security. Though specific details weren’t given, the Utah Department of Technology Services said the breach was caused by a “configuration error” on the machine holding the data. Apparently, an employee put a server online without setting its security properly.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.