Vermont agency exposes Medicaid members' email addresses

The Department of Vermont Health Access exposed the email addresses of 127  health insurance consumers after sending out an online survey, according to VTDigger.

The survey was issued via email July 20 to 37,000 people, most of whom were Vermont Health Connect and Medicaid customers. The email included a link to the survey and used "the same distribution list that we use to contact members about open enrollment deadlines or resources for selecting a [health] plan," a department spokesperson told VTDigger.

Seven recipients replied to the department's email questioning the legitimacy of the survey. However, an "erroneous" email setting meant those replies were sent to everyone on the distribution list, and an estimated 120 people replied to those emails, as well.

No protected health information was exposed, but VTDigger reports it is not clear whether HIPAA applies since email addresses constitute personally identifiable information

Going forward, the agency said it plans to ensure all of the emails it sends have a clear and easy way for recipients to verify their legitimacy, the spokesperson said.  

More articles on cybersecurity:

Homeland Security: Attacks against supply chain, HR business management systems on the rise
Email hack jeopardizes 105K patient records at Nebraska hospital
Missouri family practice warns 45K patients of breach after ransomware attack

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers