The Mississippi Division of Medicaid notified roughly 5,220 individuals of a potential exposure of their protected health information.
Officials learned April 7 a service the agency used to create online forms may have compromised select individuals' PHI. When users submitted information through the online form, their responses were also emailed to a designated staff member. During an investigation, DOM confirmed the emails were stored in a secure manner upon receipt, however, the emails were not transmitted in a secure or encrypted manner.
Upon discovering the issue, officials removed the online forms from the agency's website and terminated its use of the online form service. The unsecure email transmission may have exposed names, dates of birth, admission dates, Social Security numbers and Medicare or Medicaid identification numbers, among other data. Investigators estimated the potential exposure spanned May 2, 2014, to April 10, 2017.
There is no indication this information was compromised or misused during this period, Mississippi Division of Medicaid officials said in a statement. The agency is in the process of strengthening its technological safeguards and revising its privacy and security procedures.
"It is highly unlikely that the data was compromised, since the typical internet user would not know how to capture it during transmission," Keith Robinson, security officer for the division, said in a statement. "The data storage was secured both at the originating source and the destination [DOM], reducing the risk of the data being compromised."
Click here to view the full notification.