DHHS reveals potential Medicaid data breach

Agency spokeswoman Kendra Gerlach said the agency mailed out letters Friday to affected patients, informing them of the possible breach.

Although the breach occurred Aug. 19, DHHS officials didn't tell the public until Friday afternoon. Gerlach said the delay was necessary because DHHS "must investigate thoroughly and ensure there is full understanding before determining next steps."

According to the agency, a DHHS employee "inadvertently sent an email to the Granville County Health Department without first encrypting it."

The email included a spreadsheet containing protected health information for Medicaid recipients, which the agency says "included the individual's first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services."

Gerlach said the information did not include any birth dates and included only two Social Security numbers, both belonging to patients whose use them as Medicaid ID numbers.

While DHHS was able to confirm the email was received by the intended recipients, the news release said it "cannot determine for certain that the email was not intercepted during transmission over the Internet but has no reason to believe any information was compromised."

Gerlach stressed the agency has seen no indication the spreadsheet was intercepted.

DHHS says patients affected "may take steps to protect themselves by putting a fraud alert on their credit files and by keeping an eye on their bank statements and credit card bills for any unusual or unauthorized activity."

The agency has also set up a hotline, at 1-800-662-7030, to handle inquiries.