As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, may be at risk of identity theft and fraud after several CDs containing their personal information disappeared while in transit, the agency reported.
"CalOptima`s claims scanning vendor sent the electronic media devices to CalOptima through the U.S. Postal service by certified mail," the agency said. "On Tuesday, October 13, 2009, CalOptima discovered the apparent loss of the devices when the external packaging materials were delivered by the U.S. Postal Service without the box containing the devices."
The missing discs include patient information such as names, addresses, Social Security numbers, diagnoses, and billing codes. CalOptima said it notified state and federal agencies of the breach on October 14, and posted an alert on its Web site on October 15.
CalOptima is currently negotiating with one of the three major credit reporting agencies -- Equifax, Experian, and Trans Union -- to provide credit monitoring services for the affected members. The agency is also investigating why the data was not encrypted prior to its delivery.
The CalOptima incident comes at a sensitive time for rules governing data breaches or compromises. The economic stimulus package had initially contained rules that mandated disclosing breaches of personally-identifying health information held by organizations covered under the Health Insurance Portability and Accountability Act (HIPAA).
But the Department of Health and Human Services (HHS)`s interpretation of the law allows for a "harm standard," where the business affected does not have to disclose any information about the breach unless there is a risk of significant financial harm to itself or an affected individual. Critics say HHS` interpretation of the law effectively guts its usefulness as a data breach warning tool.
The CalOptima breach required mandatory reporting, even without the new laws, as some of the breached information included Social Security numbers.
|
30.10.2009
68,000 CalOptima Members at Risk in Data Breach
As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, may be at risk of identity theft and fraud after several CDs containing their personal information disappeared while in transit, the agency reported. "CalOptima`s claims... |
|
09.06.2009
T-Mobile Confirms Data Breach
After an unknown individual publicly posted what they claimed were sensitive records belonging to telecom provider T-Mobile, the company confirmed that it had been hacked, but that the information was not sensitive or endangering of customer privacy.The alleged... |
|
14.06.2009
T-Mobile: No Hacking in Data Breach
After an unknown individual publicly posted what they claimed were sensitive records belonging to telecom provider T-Mobile, the company confirmed that the data had been purloined, but aggressively denied any claim that it had been hacked.The alleged culprit... |
|
23.06.2009
TJ Maxx Settles Data Breach Charges
Retail chain TJX, operator of TJ Maxx stores, has settled charges with 41 states, resolving a 2007 security breach that exposed thousands of customers` sensitive financial information.The company was charges with failure to appropriately protect its customers`... |
|
27.07.2009
TJX Pays $9.75 Million To Settle Data Breach
Retailer TJX Companies, Inc., has reached a $9.75 million consumer protection settlement with 41 states, stemming from a breach of sensitive data about thousands of customers.The company is the parent of the T.J. Maxx and Marshalls discount clothing chains and... |
|
