Mississippi Division of Medicaid notifies more than 5,000 after discovering data were not securely transmitted for more than three years
The Mississippi Division of Medicaid (DOM) is informing approximately 5,220 individuals of the potential exposure of their protected health information (PHI).
On April 7, 2017, DOM officials became aware of an issue with the online service the agency used to create forms posted to DOM’s website (http://medicaid.ms.gov). Once an online form was submitted the information was also emailed to designated staff within the agency. The email containing the information was not transmitted in a secure manner (i.e. encrypted). This resulted in the possible exposure of information that may have been entered into certain online forms.
Upon investigation, DOM can confirm those emails and the accompanying information included were stored in a secure manner once received.
This incident had no impact on an individual’s eligibility determination (if they were approved or denied for Mississippi Medicaid), nor on a beneficiary’s benefits if they are currently enrolled and receiving Medicaid services.
Once the error was discovered, the online forms were immediately removed from the website and use of the online form service was terminated. The agency is also in the process of strengthening technological safeguards, in addition to revising policies and procedures addressing privacy and security regulations.
The estimated duration of potential exposure was between May 2, 2014, and April 10, 2017. The incident was limited to six different forms and may have included names, birth dates, addresses, phone numbers, email addresses, admission and enrollment dates, health insurer, condition, Social Security numbers, and Medicare and/or Medicaid identification numbers.
DOM officials say there is no reason to believe any information was compromised during the occurrence, but the agency is informing individuals as required.
“It is highly unlikely that the data was compromised, since the typical Internet user would not know how to capture it during transmission. The data storage was secured both at the originating source and the destination [DOM], reducing the risk of the data being compromised,” said Keith Robinson, security officer for DOM.
The agency has not received any indication regarding unauthorized use or access of PHI related to this incident. However, individuals who believe they may be affected by this incident are advised to check their credit report with any one of the three major credit bureaus: Equifax, Experian, or Transunion.
From information provided by Mississippi Division of Medicaid