Indiana Medicaid warns patients of health data breach
Indiana’s Medicaid unit is sending breach notifications to patients after discovering that medical records were exposed beginning in February 2017.
IHCP’s notification comes amid an ongoing stream of data breaches; the latest examples being Cleveland Medical Associates notifying patients last week about a ransomware attack that took place on April 21 and Princeton Community Hospital in West Virginia falling victim to a Petya attack.
Indiana’s Health Coverage Program said that patient data was left open via a live hyperlink to an IHCP report until DXC Technology, which offers IT services to Indiana Medicaid, found the link on May 10.
That report, DXC said, contained patient data including name, Medicaid ID number, name and address of doctors treating patients, patient number, procedure codes, dates of services and the amount Medicaid paid doctors or providers.
“No other information was accessible,” IHCP and DXC said in a statement, adding that they have “no reason to believe this information has been or will be used inappropriately.”
The organizations also noted that they have taken steps to mitigate risk, including offering a free year of credit protection to those it is notifying of the breach.