Skip to main content
Back
Office of the Medicaid Inspector General of New York

Office of the Medicaid Inspector General of New York Data Breach (2012)

Office of the Medicaid Inspector General of New York

mediumVERIS
Disclosed

October 12, 2012

4914 days ago

Records

17.7K

Confirmed

Root Cause

Human Error

Industry

Government

Description

Office of the Medicaid Inspector General reports N.Y. breach The Office of the Medicaid Inspector General (OMIG) sent out a release on Monday stating that an internal employee in New York had sent out 17,743 Medicaid patient records to their own email account on Oct. 12, 2012. Potentially-compromised information may have included patients first and last names, dates of birth, Medicaid client information numbers and Social Security numbers. According OMIG, the employee didnt have its consent to send out the email and has been placed on administrative leave. The New York State Inspector Generals office is conducting its own separate investigation. OMIG expects all employees to act in a professional, ethical manner while in the workplace, and will not tolerate behavior that leads to the release of confidential information, said Medicaid Inspector General James C. Cox. Whats unique about this letter is the level of detail OMIG went into in describing how it plans on improving security measures. Sending each person a letter containing instructions on how to monitor his or her credit and ways in which to ensure that what was inappropriately sent to the employees home computer not translate into identity problems for the individuals involved. Since the breach happened, OMIG said that it has devised tighter controls in its information technology department to limit access to data, ensuring that only those investigators and auditors who need data for specific investigatory or auditing purposes can retrieve such information. Under this enhanced approach, the employee would not have had access to the information included in this breach. OMIG has also retrained all agency employees on data security, using a nationally accredited program. User authentication and internal monitoring should be top-of-mind for OMIG and its transparency in needing help in those areas is refreshing in comparison to other organizations that provide vague promises to augment security procedures in the future.