The South Carolina Department of Health and Human Services recently announced a data breach involving the personal information of 228,435 Medicaid beneficiaries, CMIO reports (Byers, CMIO, 4/19).
On April 10, SCDHHS discovered that an employee violated agency policy by transferring personal data on Medicaid beneficiaries to a personal email account (Goedert, Health Data Management, 4/19).
The agency said that the incident does not involve medical information or affect current beneficiaries' Medicaid eligibility (CMIO, 4/19).
SCDHHS said that the compromised data include:
- Birth dates;
- Phone numbers; and
- Medicaid ID numbers.
The compromised data also included the Social Security numbers of 22,604 beneficiaries (Health Data Management, 4/19).
Response to the Breach
SCDHHS has contacted the South Carolina Law Enforcement Division, which now is conducting an investigation of the incident (Conn, Modern Healthcare, 4/19).
The department will offer affected beneficiaries one year of credit and identity theft protection services, including a $1 million identity theft insurance policy. The agency also has frozen most employees' access to aggregate personal health information and hired an external firm to conduct a data and IT systems risk assessment (Health Data Management, 4/19).