Colorado Medicaid Breach May Have Exposed Private Data of Hundreds of People

Media Division | July 19, 2017

Time and time again, breaches continue to happen as a result of inadequate security and overlooked mistakes. A breach can come about from something as simple as an incorrect setting or permissions error, which is a situation that has been happening far too frequently. We have written about several different incidents that have resulted from the above mishaps, and some of them have involved quite large organizations. Another recent incident along this line has involved the Colorado Medicaid system, and it left almost 1,000 people’s private data potentially exposed.

How the Breach Came About

Colorado Medicaid had contracted with a third party vendor called DXC Technology, and the purpose was to have them run their revamped payment system. This third party has now said that a “system glitch” may have resulted in an accidental sharing of the health information of 822 people. The Colorado Department of Health Care Policy and Financing and DXC had conducted a security review, which had discovered that protected health information was “potentially accessible” from March 1 to May 10. This had come about from a hyperlink that led to 12 Medicaid billing reports containing information such as patient names, Medicaid numbers, doctor’s names and addresses, medical codes and dates for services received. Fortunately, the exposed information did not involve highly sensitive data like Social Security numbers, birth dates, or patient addresses, according to DXC. They also said that they have no reason to believe that the exposed data has been used inappropriately, but they are offering a free year of identity theft protection to those that were affected.

It is good that DXC appears to be taking the breach quite seriously, especially by providing identity theft protection services. Taking care of those affected by a breach is one of the most important steps in properly mitigating an incident. Trust and reputation can be heavily damaged by the occurrence of a breach, and an organization must display to their public that the issue is being handled.

This whole situation comes in the wake of already heavy criticism of the DXC system because of payment delays. The system had gone live on March 1st and was pretty much immediately followed by complaints from Medicaid healthcare providers, as their requests for reimbursement were being denied or stalled. Some smaller provider offices were even having to take out loans to pay employees.

Bolstering Security to Prevent Cyber Attacks

Obviously, not all breaches stem from an organizational mishap or accident, as some come about from brute force attacks or cleverly designed threats. But, this is still no excuse for an organization, as there are numerous security tools available these days that can help to prevent cyber attacks. There really is no valid reason or explanation for having lacking security. Some may make the point of being unable to afford it, but realistically, cyber security is an investment for the organization and can save money in the long run. A single attack or breach can have immediate data and financial losses, but it can also bring about further loss down the road. Customers may take their business elsewhere, and partners may no longer wish to contract with a breached organization, both of which can lead to great revenue loss. It is vital that an organization implements modern security tools and services, such as monitoring, intelligence, and of course the basics of antivirus and firewall. Doing anything less can easily leave them vulnerable to hackers and threats. Massive Alliance offers a wide range of security services and tools that can help organizations to proactively prevent cyber attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.