Health Share of Oregon vendor GridWorks had a laptop stolen during an office break-in – it contained Medicaid members’ personal information
Personally identifiable information of 654,362 Medicaid’s members was disclosed due to a data breach. According to news sources, the information was breached on November 18, last year, due to a laptop theft from the GridWorks IC – a vendor employed by Health Share of Oregon.[1]
Health Share of Oregon is the state’s biggest Medicaid CCO (coordinated care organization) that provides service to the Oregon Health Plan[2] members that are from Washington, Multnomah, and Clackamas.
The information that was located on the stolen laptop included names, surnames, residence addresses, mobile phone numbers, birth dates, social security numbers, and Medicaid ID codes of the members. Luckily, no private medical information was located on the stolen device.
Health Share of Oregon published news about the data breach on the official website
Health Share is taking action as soon as it learned about the data breach, and promised to aid victims of the incident. The company said it would send informative emails to those affected on the February 5 and provide a year’s worth of service of free credit monitoring:[3]
On February 5, 2020, Health Share will mail letters to all members whose information was stored on the computer. This letter will include an offer of one year of free credit monitoring and identity restoration services.
The company also claims that it will improve the safety of its services and try to save as little private information about members as possible on electronic devices. However, neither Health Share or its contractor GridWorks cannot provide any particular details on what has happened to the stolen laptop. Furthermore, it still stays unclear if any of the stolen personal information was put up for sale or misused in other ways.
Health Share of Oregon has provided some tips on what people can do in order to protect their private information. Some of the measures include contacting the Federal Trade Commission for additional aid when it comes to protection, signing up for identity monitoring and restoration services, including a fraud warning in credit files, taking care of financial statements attentively, reporting all possible breaching activities to the Federal Trade Commission, etc.
Data breaches affected health organizations numerous times before
Medicaid CCO members are not the only ones that suffered from unauthorized data exposure in the medical field. One of such incidents involving patients of Methodist Hospitals occurred in October last year when information of 68,039 patients was exposed.[4]
The data leak occurred when two employees’ email accounts got remotely hacked during the summer of 2019. Even though there was not any clear evidence that the data was somehow misused by malicious actors, it still included a lot of personal details such as names, surnames, addresses, group numbers, SSNs, driver license numbers, banking account codes, credentials, electronic signatures, medical history.
If not taken care of properly, private information can get exposed very easily. Even if you are just a regular computer user, you still should take some precautionary measures. Do not place any personal information where it does not really need to be, register to services that you need and use strong passwords to protect them. Also, enabling a multi-factor authentication[5] method will add another layer of protection.