/*
/*]]>*/

Arkansas DHS Breach 2017

January 2, 2018

Arkansas DHS Breach 2017

Navigation:
< Back

Arkansas-State-data-security-naic-cyber-insurance-risk-assessment-wisp-incident-response-define-rmm-flaw-hypothesis-methodology-high-assurance-guard

In 2017, the Arkansas Department of Human Services (DHS) experienced a data breach affecting over 26,000 Medicaid recipients. A former DHS employee emailed spreadsheets containing personal health information (PHI), including Medicaid ID numbers and potentially Social Security numbers, to a personal email address. The breach was discovered during legal proceedings related to the employee’s termination. 

Key Details:
  • Affected Information: The breach involved spreadsheets containing Medicaid ID numbers, dates of birth, billing codes, diagnoses, and potentially Social Security numbers of Medicaid recipients.
  • Breach Date: The breach was reported to the DHS Privacy Office on August 7, 2017, but the unauthorized access likely occurred earlier.
  • Breach Cause: A former DHS employee, while preparing for a wrongful termination lawsuit, emailed spreadsheets containing sensitive information to her personal email address.
  • Number of Affected Individuals: Initially, DHS reported over 26,000 unique names of Medicaid beneficiaries on the spreadsheets, according to the Arkansas Department of Human Services (.gov)Later reports indicate the number of affected individuals was 29,023, according to the Arkansas State Legislature.
  • DHS Actions: DHS launched an investigation, notified affected individuals, and referred the matter to law enforcement for potential criminal charges.
  • Employee Actions: The employee was fired by the state hospital due to the breach. 

 

https://www.arktimes.com/ArkansasBlog/archives/2017/09/15/data-breach-at-arkansas-dhs-could-affect-26000-medicaid-beneficiaries