DHHS reveals potential Medicaid data breach

Posted October 16, 2015
Updated October 18, 2015

N.C. Department of Health and Human Services

— The state Department of Health and Human Services says a breach of security protocol may have compromised the confidential health information of 1,615 Medicaid patients.

Agency spokeswoman Kendra Gerlach said the agency mailed out letters Friday to affected patients, informing them of the possible breach.

Although the breach occurred Aug. 19, DHHS officials didn't tell the public until Friday afternoon. Gerlach said the delay was necessary because DHHS "must investigate thoroughly and ensure there is full understanding before determining next steps."

According to the agency, a DHHS employee "inadvertently sent an email to the Granville County Health Department without first encrypting it."

The email included a spreadsheet containing protected health information for Medicaid recipients, which the agency says "included the individual's first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services."

Gerlach said the information did not include any birth dates and included only two Social Security numbers, both belonging to patients whose use them as Medicaid ID numbers.

While DHHS was able to confirm the email was received by the intended recipients, the news release said it "cannot determine for certain that the email was not intercepted during transmission over the Internet but has no reason to believe any information was compromised."

Gerlach stressed the agency has seen no indication the spreadsheet was intercepted.

DHHS says patients affected "may take steps to protect themselves by putting a fraud alert on their credit files and by keeping an eye on their bank statements and credit card bills for any unusual or unauthorized activity."

The agency has also set up a hotline, at 1-800-662-7030, to handle inquiries.


Please with your WRAL.com account to comment on this story. You also will need a Facebook account to comment.

Oldest First
View all
  • Terry Lightfoot Oct 18, 2015
    user avatar

    Why should an employee have to manually encrypt their emails? Encryption should happen at the server level for all emails if that is the policy. More mismanagement and IT 101 mistakes from the agency that brought you Dr Wos and mini-me.

  • Paul Maxwell Oct 17, 2015
    user avatar

    The data breach involved medical information, not credit cards. Given the hot mess that DHHS has become since McCrory and his crowd moved in, is anyone really surprised?

  • Doug Smallen Oct 17, 2015
    user avatar

    How many on Medicaid even have a credit card!

  • mykesmovies Oct 17, 2015

    Our Guv. has made this department a joke.