Employee Sends Medicaid Info of 228K To His Yahoo! Account

A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.

MedicaidA South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.

Christopher Lykes Jr., 36, of Swansea, South Carolina was charged with five counts of violating the confidentiality of the state’s Medically Indigent Assistance Act and another count of disclosing confidential information, according to paperwork from South Carolina Law Enforcement uncovered by the newspaper. 

Lykes, a former employee of the South Carolina Department of Health and Human Services (SCDHHS), transferred the personal information of 228,435 South Carolinians to his personal Yahoo! e-mail account from January 31 to April 2.

According to SCDHHS Director Tony Keck, speaking with WSPA-TV, the patients’ information wasn’t readily available to Lykes, but was “available to him through a reporting process.” The agency fixed what they deemed a ‘security lapse’ after the breach was discovered April 10 and Lykes was fired the following day.

While the Department stressed that they don’t believe any patients’ health or financial information has been compromised, the information that Lykes was able to secure was forwarded on to one other person, according to The State. What’s perhaps even more cause for concern however is the fact that the patients’ social security numbers were used as Medicare ID numbers, according to Keck. 

The state has teamed up with Experian to distribute a free credit report, daily credit monitoring and a $1 million identity theft insurance policy to those affected.

A similar Medicaid breach recently affected patients in Utah following a hack of the Utah Department of Health. While it seemed that only 24,000 people were at risk of having their information stolen initially, a whopping 780,000 were later found affected by the breach.

Suggested articles

Discussion

  • williamcolliers@live.com on

     

    Unfortunately, right now insurers do cherry pick in a way that I think should be illegal. Insurance should not be about risk management, where companies use computer models to slice and dice their customer base into smaller and smaller segments to exclude more and more people. That's not a legit way that health insurance should be sold, only solution for precondition is being "Penny Health"

     

  • Anonymous on

    This is not good. Employees need to have integrity and companies need to continue to be diligent in educating on impact this has to the people and the business. Not to mention the Medicaide program that's suppose to help the people. State employees are no different. I am so glad my company values this #1 Rule. Follow the rules. There is a reason why these rules and regulations are there, to protect all of us. Over zealous or not in our jobs and thinking we can do better is one thing but to purposely do this should be criminally charged. Punishment for this should be higher.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.