WellCare Health Plans Inc. Data Breach (2008)

WellCare of Georgia, Inc. today announced that a human error made some Georgia Families member data available on the Internet. On March 28th, WellCare secured the data on its own computer systems and by April 2nd, all WellCare member information had been removed from the Internet. We were able to determine what data was available on the Internet, explained Anil Kottoor, WellCares chief information officer, and we are notifying anyone who might have been affected. WellCare believes that this affected only our Georgia Families membership in Georgia, and not our Medicare coordinated care, private fee-for-service or prescription drug plan membership. The files exposed did not contain credit card, debit card or financial account numbers. They may have contained personal identifying information, such as a members name, birth date, dates of eligibility, Medicaid or PeachCare for KidsTM member identification number, social security number or other health plan related information. At this time, WellCare is not aware of any misuse of its member information due to the accidental exposure of the file on the Internet. WellCare is now notifying in writing the members who could have been affected by this incident. Members should receive those letters by the middle of this week. WellCare is offering to pay for one year of credit monitoring for those individuals. WellCare Health Plans Inc. has blamed human error for the disclosure on the Internet of some data for its Medicaid members in Georgia.The data included personal identifying information for some members of Georgia Families, WellCare said in a release. The files included information such as members names, birth dates, dates of eligibility, member ID numbers or Social Security numbers, but did not contain credit card, debit card or financial account numbers, WellCare said.[] Private records of up to 71,000 Georgia families who are members of health insurance programs for the poor or working poor were accidentally made available on the Internet for several days, and some of the data may have been viewed by unauthorized people, Tampa-based WellCare Health Plans Inc. said today. Knapp said there are 450,000 members of WellCare of Georgia. Those whose data was made available on the Internet included members of Medicaid, the federal health program for the poor, and PeachCare for Kids, a federal-state insurance plan for children of the working poor. Knapp said letters were being sent to 71,000 Georgia families possibly affected. WellCare of Georgia is a partnership between the Georgia Department of Community Health and private health care management organizations, she said. She said about 10,500 members Social Security numbers may have been viewed by unauthorized people on the Internet, all members of Medicaid or PeachCare. There is a possibility that an initial 59,000 members may have had some personal information made accessible, so we are notifying them as well, just to be safe, Knapp said. A Web developer prepared a copy of a DCH report folder that was to be deployed to our Georgia Web portal but instead made it accessible on the Internet. She said at least 53 folders of names were accessed 248 times. She also said it could not be determined which secret pages had been viewed.