Activity Stream

RSS

Medicaid Clients Notified of Potential HIPAA Breach

Friday, 12 28, 2012

Media contact: Gwenda Bond or Beth Fisher (502) 564-6786, ext. 3100 or 3101

No evidence that data was compromised

FRANKFORT, Ky. (Dec. 28, 2012)--The Cabinet for Health and Family Services (CHFS) is informing 1,090 Medicaid clients by letter of a computer security breach that may have resulted in the unintentional release of information held by Hewlett-Packard Enterprise Services (HP ES), the vendor that manages Medicaid’s information management system. 

In mid-November, an employee of Carewise Health, a subcontractor of HP ES, responded to a telephone computer scam, resulting in unauthorized remote access to a computer that contained a database with information on the Medicaid clients. HP ES and Carewise Health disabled the laptop as soon as the breach was reported, and notified CHFS. Typically such scams are targeted at charging people for unnecessary computer services. While there is no evidence that the confidential contents of the database were accessed, the hacker did have access to the employee’s laptop for a brief period. The database included health and other information about the individuals being notified, including social security numbers for less than half the individuals. HP ES is arranging for those affected to receive free credit monitoring to detect identity theft for one year.

“In all likelihood, this scam was designed to receive payment from the employee in question and was never intended to be used to access or view client information,” said Rodney Murphy, executive director of the CHFS Office of Administrative and Technology Services. “However, because we cannot rule the possibility out, we are notifying clients who might have been affected by this incident. We take our role of safeguarding the personal information of those we serve very seriously and expect our vendors to uphold that commitment as well. We are working with the vendor to ensure the appropriate steps are being taken to protect against future issues of this kind.”

The Cabinet is required to notify clients individually of any potential breach involving more than 500 individuals by the federal Health Insurance Portability and Accountability Act, more commonly known as HIPAA. Individuals who believe their information may have been involved or who need additional information should contact HP ES toll-free at 1 (877) 298-6108, option 1. The number will be active for 90 days.

###

The Cabinet for Health and Family Services is home to most of the state's human services and health care programs, including Medicaid, the Department for Community Based Services and the Department for Public Health. CHFS is one of the largest agencies in state government, with nearly 8,000 full and part-time employees throughout the Commonwealth focused on improving the lives and health of Kentuckians.