Indiana Medicaid program notifies 31,876 members to PHI breach

Julie Spitzer -

Two separate data breaches disclosed in December 2018 exposed the protected health information of 31,876 plan members of Managed Health Services, which runs Indiana's Hoosier Healthwise and Hoosier Care Connect Medicaid programs, according to HIPAA Journal.

The first incident involved a phishing attack at LCP Transportation, a company that Managed Health Services contacts with. LCP employees received scam emails in July 2018 that allowed the attacker to remotely access their email accounts in September.

An investigation into the incident determined no PHI had been misused, but several emails in the compromised accounts stored plan members' personal information including names, addresses, dates of birth, dates of service, insurance identification numbers and descriptions of medical conditions. Roughly 31,300 individuals were affected in the incident, HIPAA Journal reports.

The second incident involved a mailing error in which plan members were sent a notification letter about an upcoming pharmacy change. The letters, however, were sent to the wrong recipients and exposed 576 plan members' names, insurance identification numbers and medication information.

Out of an abundance of caution, Managed Health Services has offered individuals affected in both incidents 12 months of free credit monitoring services. The organization has also enhanced its email security and re-trained staff on mailing processes as well as cybersecurity risks.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.