Health department Medicaid breach impacts 228,000

In the latest chapter of compromised beneficiary information, a South Carolina Department of Health and Human Services (SCDHHS) employee sent personal data for more than 228,000 Medicaid recipients to his personal, unsecured email account, The State reports.

Information stolen included names, phone numbers, addresses and birth dates, as well as Medicare ID numbers for more than 22,000 people, according to the newspaper; Social Security numbers double as the latter. The breach was discovered April 10 and the employee--Christopher Lykes--was terminated last week, as well, according to

So far, the former employees' motives remain unclear, but SCDHHS director Tony Keck told the newspaper that he thought too much data was moved for the incident to be accidental. "So far we've been provided with no reasonable explanation of why the employee would have this information," he said.

The department--which said it will provide free credit monitoring to anyone impacted--now potentially faces millions of dollars in fines, Keck told The State.

This breach comes on the heels of the now infamous Utah Medicaid data breach, in which information for nearly 800,000 recipients was compromised. In that incident, Eastern European hackers were able to crack a weak password, according to a post in Bits, the New York Times' technology blog. Social Security numbers for 280,000 beneficiaries were stolen and, according to the Salt Lake Tribune, the state's governor has launched a security audit of all of the state's data systems.

To learn more:
- read this article from The State
- here's the SCDHHS announcement
- check out this accompanying flyer (.pdf)

Suggested Articles

Errors in diagnostic tests and medication safety events pose the biggest risk to patients in ambulatory care settings, according to a new analysis.

Healthcare innovation network AVIA has secured $22 million in its latest funding round.

The growing role of data in our lives raises important questions about data access and ownership. Who rightfully owns the data?