Indiana Medicaid warns patients of health data breach

A report with personal information was accessible via a live hyperlink thereby leaving medical data viewable to the public.
By Tom Sullivan
02:47 PM

Indiana’s Medicaid unit is sending breach notifications to patients after discovering that medical records were exposed beginning in February 2017.

IHCP’s notification comes amid an ongoing stream of data breaches; the latest examples being Cleveland Medical Associates notifying patients last week about a ransomware attack that took place on April 21 and Princeton Community Hospital in West Virginia falling victim to a Petya attack.

[Also: 22,000 patients affected by ransomware attack on Cleveland Medical Associates]

Indiana’s Health Coverage Program said that patient data was left open via a live hyperlink to an IHCP report until DXC Technology, which offers IT services to Indiana Medicaid, found the link on May 10.

That report, DXC said, contained patient data including name, Medicaid ID number, name and address of doctors treating patients, patient number, procedure codes, dates of services and the amount Medicaid paid doctors or providers.

[Also: West Virginia hospital replaces computers after Petya cyberattack]

“No other information was accessible,” IHCP and DXC said in a statement, adding that they have “no reason to believe this information has been or will be used inappropriately.”

The organizations also noted that they have taken steps to mitigate risk, including offering a free year of credit protection to those it is notifying of the breach.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.