Skip to content Skip to navigation

Another Breach for Utah DOH

January 24, 2013
by Gabriel Perna
| Reprints

For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

Back in April, UDOH’s data server was breached. This breach led to the illegal access of 24,000 claims. 

 For the most recent breach, UDOH says the contractor, Goold Health Systems (Augusta, Maine) processes Medicaid pharmacy transactions for the agency. The Goold employee apparently saved personal health information on an unencrypted, portable USB memory device and then left UDOH headquarters with the device.  They then misplaced the device while traveling between Salt Lake City, Denver, and Washington DC. 

“There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal.  Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes,” UDOH Deputy Director and state Medicaid Director Michael Hales, said in a statement.  “Nevertheless, we understand the anxiety this will likely cause, and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

According to UDOH, it is taking steps to protect the affected Medicaid identification numbers against potential fraudulent use. It says, the Office of the Health Data Security Ombudsman will commit its full resources to assisting affected clients in any way they need.  

“I have directed UDOH attorneys to review our contract with Goold Health Systems, and I fully intend to seek whatever financial or contractual remedies are available in order to ensure GHS is held accountable for this serious mistake,” UDOH Executive Director David Patton, M.D., said in a statement.  “Protecting our clients’ personal information is of utmost importance to our department, and it must be the number one priority of our contractors as well.”

Patton also stated that he hopes Goold will discipline the employee and that they will no longer be allowed to work with UDOH data.



ONC National Coordinator Gets Live Look at Carequality Data Exchange

Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.

American Red Cross, Teladoc to Provide Telehealth Services to Disaster Victims

The American Red Cross announced a partnership with Teladoc to deliver remote medical care to communities in the United States that are significantly affected by disasters.

Report: The Business of Cybercrime in Healthcare is Growing

While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.

Phishing Attack at Baystate Health Potentially Exposes Data of 13K Patients

A phishing scam at Baystate Health in Springfield, Mass. has potentially exposed the personal data of 13,000 patients, according to a privacy statement from the patient care organization and a report from MassLive.

New Use Cases Driving Growth in Health Data Exchange through Direct

In an update, DirectTrust reported significant growth in Direct exchange of health information and the number of trusted Direct addressed enabled to share personal health information (PHI) in the third quarter of 2016.

Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.