The Mississippi Division of Medicaid (DOM) has notified 5,220 individuals of a potential breach of protected health information. The exposure occurred when emails containing patient information were sent unencrypted.
DOM officials became aware of the breach on April 7 when an online service used to create DOM website forms submitted information that was emailed to staff. This email was sent unsecured and lead to possible exposure of information entered on the form. From May 2, 2014, to April 10, the exposure duration contained six different forms that may have included names, birth dates, addresses, phone numbers, emails, health insurers, Social Security numbers and conditions.
Once discovered, the online forms were removed from the website and deleted. The breach had no impact on whether an individual was approved or denied. While DOM reported the emails were stored in a secure manner after being received, the agency has begun strengthening technological safeguards and polices regarding privacy and security.
“It is highly unlikely that the data was compromised, since the typical internet user would not know how to capture it during transmission,” said Keith Robinson, security officer for DOM. "The data storage was secured both at the originating source and the destination [DOM], reducing the risk of the data being compromised."