Third-party vendor breach exposes 822 Colorado Medicaid patients' PHI

The Colorado Department of Health Care Policy and Financing notified 822 of its Medicaid patients after its third party fiscal agent discovered an issue in its internet link to billing reports, a spokesman for the department told Becker's.

The department contracts with DXC Technology to provide a provider portal for Health First Colorado, the state's Medicaid program. The portal offers a platform for providers to submit and manage claims for services to Health First Colorado members.

A proactive security review of the portal determined patient information found on 12 billing reports — including Medicaid member name and ID number, healthcare provider information, patient number, procedure code, date of service and payment amount — was potentially accessible between March 1 and May 10. The reports did not contain any financial information, the spokesman said.

DXC Technology does not believe the information has been inappropriately used, but is offering one year of free credit protection services to impacted individuals. The department will maintain its five-year contract with DXC Technology, the spokesman said.

"We don't have any reason to believe there will be another breach like this," the department spokesman told Becker's. "Eight hundred twenty-two is a relatively small number. [There are] 1.3 million Medicaid members in Colorado ... But that doesn’t make [this] is any less important."

More articles on health IT:

43% of C-suite execs name cybersecurity as No. 1 operational challenge

Health IT groups meet at NIH, plan to standardize health data definitions

California issues data sharing guidance for mental health information

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months