Medicaid Incident Leads Breach Roundup

1,400 Affected by Mailing Error

In this week's breach roundup, a Medicaid HMO plan in Missouri is notifying almost 1,400 enrollees that their personal information was mailed to an incorrect address due to a vendor error. Also, the UK Information Commissioner's Office has fined the Bank of Scotland £75,000 after customer account details were repeatedly faxed to the wrong recipients.

Mailing Error Exposes Patient Info

MO HealthNet, a Medicaid HMO program in Missouri, is notifying almost 1,400 enrollees that their personal information was mailed to an incorrect address due to a software programming error by one of its vendors, Infocrossing Inc.

The misdirected mailing included participant name, date of birth, identification account number, county name, phone number, and the last four digits of the Social Security number, according to a statement from the Missouri Department of Social Services.

The Medicaid plan is notifying those affected that Infocrossing is offering them free credit monitoring services for two years, the statement says.

Fax Errors Lead to £75,000 Fine

The UK Information Commissioner's Office has fined the Bank of Scotland £75,000 (about $115,500) after customer account details were repeatedly faxed to the wrong recipients.

The improperly faxed information includes pay-slips, bank statements, account details and mortgage applications, as well as customer names, addresses and contact details, according to the ICO.

The documents were improperly faxed over a four-year period, with the first incident reported in February 2009 by a third-party organization. That organization received at least 21 of the documents, and a member of the public received 10 misdirected faxes, the ICO reports.

Despite being notified of the error, the misdirected faxes continued, the ICO says.

"The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines," says Stephen Eckersley, head of enforcement at the ICO. "To send a person's financial records to the wrong fax number once is careless. To do so continually over a four-year period, despite being aware of the problem, is unforgivable and in clear breach of the Data Protection Act."

Clinic Reports Employee Breach

Rocky Mountain Spine Clinic in Denver is notifying 532 patients that their protected health information was inappropriately sent by a former employee to her personal e-mail account.

The employee, who worked in the clinic's billing department, created a document containing the information and sent it to her personal e-mail account, according to The Denver Post.

The employee was fired and a police report was filed, but no charges are expected in the case, the news report said.

Compromised information included patient names, insurance company information and tracked patient surgeries.


About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



