Lost USB drive compromises info for Medicaid recipients

When it comes to health data breaches and hack attacks, the state of Utah can't seem to catch a break. In the latest incident to plague the Beehive State, an employee of an outside contractor for the Utah Department of Health--Goold Health Systems--lost an unencrypted USB memory stick containing personal information for 6,000 Medicaid clients. Goold, according to a UDOH announcement, processes Medicaid pharmacy transactions for the agency.

According to UDOH, the employee lost the device--which included the names, ages and identification numbers of Medicaid recipients, as well as a recent history of prescription drug use--traveling between Salt Lake City, Denver and Washington, D.C. Social Security numbers and financial information were not contained on the device.

"We have no reason to believe the data were targeted by anyone to be used for malicious purposes," UDOH Deputy Director Michael Hales said in a statement. "Nevertheless, we understand the anxiety this will likely cause, and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program."

The employee has yet to be identified, according to the Associated Press. GHS confirmed to UDOH on Jan. 15 that the data were missing.

Last fall, hackers infiltrated the Utah Health Exchange, causing the web portal to be useless for roughly a week by littering the site with graffiti comprised of "garbled" words and "blurred" headlines. Last March, meanwhile, Eastern European hackers gained access to healthcare information for close to 780,000 Medicaid patients in Utah. Social Security numbers for 280,000 beneficiaries also were compromised in that incident.

To learn more:
- read the UDOH announcement
- here's the AP article