The Wisconsin Department of Health Services and its business associate, The Management Group, notified 779 participants of its IRIS program — a Medicaid home- and community-based service for adults with long-term care needs — to a breach of their personal information after a laptop and work bag were stolen from a TMG IRIS consultant in February.
Although the stolen laptop was encrypted, its password was inside the stolen work bag despite being against company policy.
TMG determined the laptop contained IRIS participants names, addresses, dates of births, participation in IRIS, services, Medicaid numbers and financial information. The Social Security numbers of at least 23 participants were also stored on the laptop.
All affected individuals were offered one free year of identity theft protection services. Participants who believe they were affected but do not receive a notification letter by April 9 should call the TMG IRIS Consultant Agency at 844-864-8987.
More articles on cybersecurity:
Virtua Medical Group agrees to pay $418k to settle patient records breach
Allina Health restores computer network after outage affects all 14 hospitals in the system
IBM: Why fewer breached records in 2017 is bad news