The private health information of more than 91,000 Medicaid clients were compromised when an investigation found a data breach that involved two state employees. The employees - a brother and sister - swapped emails containing personal data and health information of Medicaid clients for almost two years.
The affected clients are currently enrolled in the Apple Health Medicaid Program in the state of Washington. The clients have already been notified about the data breach.
The woman worked at the state's Health Care Authority (HCA) as a medical-assistance specialist while her brother worked at the Department of Social and Health Services (DSHS) as an Internet technician.
Their emails, which were sent from 2013 and 2015, enclosed the Medicaid clients' date of birth, Social Security numbers, Apple Health identification numbers and other private health data.
Officials from both DSHS and HCA confirmed that the said state employees have been fired.
The sister asked for technical help from her brother concerning spreadsheets that contained the clients' information. The duo told investigators that the information was not forwarded to unauthorized third parties or used in any improper way, said HCA risk manager Steve Dotson.
Unfortunately for them, the unauthorized transfer of information is a violation of the Medicaid clients' privacy rights. Federal officials will handle the case for further review, which includes a potential criminal investigation.
"While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated and we are exercising caution and due diligence given the nature of the information," said Dotson. The case is treated as a data breach since state officials are unable to confirm if the data were confined in the state systems.
More than 1.8 million people in the state of Washington are covered by the HCA through the Apple Health program, which offers free health care to low-income residents. The HCA notified the affected Medicaid clients on Feb. 9, and is offering free credit monitoring for the affected clients for one year.
"Our first and foremost priority is protecting our clients' personal information," said Dotson. "We have taken swift action to address this issue and help prevent future incidents."
In January, Tech Times reported on another incident that put the private information of nearly 950,000 individuals at risk. Health insurance company Centeno announced that it is missing hard drives containing clients' personal information and is currently conducting an investigation to locate the storage devices.
Photo: Pictures of Money | Flickr