United States Department of Health and Human Services Data Breach (2015)

The state Department of Health and Human Services revealed Friday that a staffer potentially compromised the confidential health information of hundreds of Medicaid patients, marking the second time in recent months this has happened. Officials said they have installed software to prevent similar data breaches in the future. They also said they have notified the affected patients, but they don't believe the personal information fell into the wrong hands. Both incidents involved a staffer sending unencrypted emails to local health departments containing patients' names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information and provider names. The first breach occurred Aug. 19 and involved 1,615 Medicaid patients. The latest breach occurred Sept. 14 and involved 524 patients. Officials said last month that the August breach didn't include dates of birth and only two Social Security numbers. But the September incident included Social Security numbers and dates of birth for the patients. The new software will intercept such emails and will block them from being sent until staffers encrypt the data, officials said. "We take very seriously our responsibility to secure the personal information entrusted to us," Dave Richard, DHHS deputy secretary in charge of Medicaid. "This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow."