A portable hard drive containing personal health information was reported lost, putting records of 280,000 Medicaid enrollees in Pennsylvania at risk. The Philadelphia Inquirer reported that Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan used this portable hard drive at community health fairs, and that it was lost within the companies’ corporate offices.
The hard drive contained names, addresses and health information of the enrollees along with their health plan ID numbers and the last four digits of the Social Security Numbers of 801 plan members.
The two managed care organizations which cover a total of 400,000 Medicaid patients in the state, reported that immediate steps have been taken to strengthen their operational protections in order to ensure that such an incident doesn’t take place again. They have also undertaken to provide credit monitoring to those enrollees, whose Social Security Numbers are at risk.
Although other similar data breach incidents have been reported in the past, in this case, the managed care organizations have promptly taken action to avoid such occurrences in future. While they have taken steps to strengthen their security measures, an efficient vulnerability management solution could have actually prevented this incident. So, health care providers should ensure that adequate measures are taken to prevent security breaches, rather than taking corrective action after the damage has occurred.