A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.
Christopher Lykes Jr., 36, of Swansea, South Carolina was charged with five counts of violating the confidentiality of the state’s Medically Indigent Assistance Act and another count of disclosing confidential information, according to paperwork from South Carolina Law Enforcement uncovered by the newspaper.
Lykes, a former employee of the South Carolina Department of Health and Human Services (SCDHHS), transferred the personal information of 228,435 South Carolinians to his personal Yahoo! e-mail account from January 31 to April 2.
According to SCDHHS Director Tony Keck, speaking with WSPA-TV, the patients’ information wasn’t readily available to Lykes, but was “available to him through a reporting process.” The agency fixed what they deemed a ‘security lapse’ after the breach was discovered April 10 and Lykes was fired the following day.
While the Department stressed that they don’t believe any patients’ health or financial information has been compromised, the information that Lykes was able to secure was forwarded on to one other person, according to The State. What’s perhaps even more cause for concern however is the fact that the patients’ social security numbers were used as Medicare ID numbers, according to Keck.
The state has teamed up with Experian to distribute a free credit report, daily credit monitoring and a $1 million identity theft insurance policy to those affected.
A similar Medicaid breach recently affected patients in Utah following a hack of the Utah Department of Health. While it seemed that only 24,000 people were at risk of having their information stolen initially, a whopping 780,000 were later found affected by the breach.