The Arkansas DHS reportedly learned about the breach Aug. 7 while preparing for a lawsuit related to an individual’s alleged wrongful termination. The attorneys representing the Arkansas DHS discovered the spreadsheets, which contained 26,044 unique names of Medicaid beneficiaries with linked Medicaid identification numbers, some social security numbers and codes for medical procedures.
The former payment integrity coding analyst initiated the lawsuit after being fired March 24, according to the Arkansas Times. DHS Spokesperson Amy Webb told the Arkansas Times there is no evidence the breach has led to any instances of identity theft. However, she noted the former employee emailed the spreadsheets from her work email to her personal email March 23, one day before her termination.
“It was not an accidental email,” Ms. Webb told the Arkansas Times. “We do believe the employee had awareness that she was about to be terminated, and after a conversation with the supervisor in which it was pretty clear she was going to be terminated, she then … sent the files to her personal email account.”
The Arkansas DHS is working with attorneys to recover the spreadsheets. The department has also contacted the Pulaski County Prosecuting Attorney’s office to pursue criminal charges and prosecution.
Editor’s note: Becker’s Hospital Review reached out to Arkansas Medicaid for comment and will update as more information becomes available.
More articles on cybersecurity:
Alaska children’s services office hit with Trojan virus
North York General Hospital taps Thales, Identos for encryption services
Children’s Hospital Colorado alerts 3.4k patients of email breach
