Indiana Medicaid Recipients Alerted to Potential Data Breach

Share this article on:

Medicaid recipients in Indiana are being notified that some of their protected health information was accessible over the Internet between February and May this year.

The fiscal agent for the Indiana Health Coverage Program (IHCP), DXC Technology, says a hyperlink to an IHCP report containing patient information was accessible online. The report was an internal document used for administrative functions.

The information exposed was limited to names, Medicaid ID numbers, patient numbers, procedure codes, dates of service, payment amounts and names/addresses of health care providers. At no point was it possible for Social Security numbers, addresses or financial information to be accessed.

While protected health information could potentially have been accessed via the Internet, no evidence has been uncovered to suggest the link was clicked or that any information was stolen.

DXC Technology is contacting all affected individuals by mail to alert them to the potential data breach to allow them to take precautions to protect their identities and to satisfy state and federal regulatory requirements. As an additional precaution, all affected individuals are being offered complimentary credit protection services for 12 months, even though DXC Technology does not believe any information has been, or will be, used inappropriately.

DXC Technology says the issue has now been mitigated and the report is no longer accessible.

Employee of Professional Counseling and Medical Associates Stole Patients PHI

Paris, TN-based Professional Counseling and Medical Associates has discovered a former employee copied information from its electronic health record system on or around May 14, 2017.

The data theft was discovered on May 22 and the incident was reported to law enforcement and state and federal agencies. The counselling service does not believe the individual disseminated the information publicly, but the possibility cannot be ruled out.

The stolen data include names, dates of birth, home addresses and insurance information, with some individuals’ medical notes and counselling records also believed to have been copied.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On