Nearly 280,000 Medicaid patient records breached in Oklahoma hack

A hacker gained access to an Oklahoma State University Center for Health Sciences network in November and accessed folders containing Medicaid billing data.
By Jessica Davis
11:52 AM

An unauthorized user hacked into the Oklahoma State University Center for Health Sciences network in November, accessing folders that contained the Medicaid billing information of 279,865 patients.

According to the breach notice, officials discovered the intrusion on Nov. 7. The affected Medicaid folders were removed from the network and third-party access was terminated the next day.

[Also: Ransomware attack on Hancock Health drives providers to pen and paper]

OSUCHS launched an investigation and hired an outside security firm to determine whether the folders were compromised. Officials couldn't rule out third-party access.

The folders contained patient names, Medicaid numbers, provider names, dates of service and treatment information. Only one Social Security number was on the server. Officials said these folders didn't contain medical records.

However, it's important to note cybercriminals can use this type of information for medical fraud.

"For patients affected by this incident, please be alert to any healthcare services you did not receive from any of your providers," officials said in a statement. "If you learn of any services you did not receive, please contact your provider and Medicaid immediately."

OSUCHS began notifying patients by mail on January 5 and established a dedicated call center to field questions from impacted patients. The health system also updated its security features as a result of the hack.

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.