Health Share of Oregon is a Medicaid Coordinated Care Organization. They recently disclosed that they lost control of health and personal information belonging to more than 650,000 people.
The root cause in this case wasn't an elaborate hack. One of their employees had a laptop computer stolen while making use of a third-party vendor responsible for non-emergent medical transportation.
Health Share has begun the daunting task of sending out letters to every patient who had their information compromised. They're offering a free year of identity monitoring, credit monitoring, fraud consultation and identity theft restoration. That is pretty standard fare in situations like these, but also small comfort for those who have been impacted. In addition to the individual patient contact letters, the company also released a statement.
Their statement reads, in part, as follows:
"Though the theft took place at an external vendor, we take our members' privacy and security very seriously. Therefore, we are ensuring that members, partners, regulator, and the community are made fully aware of this issue."
The company also tried to reassure impacted individuals by letting them know that their personal health histories were not exposed.
That's a good thing, but the data that was stolen was extensive. It included members' names, addresses, phone numbers, dates of birth, Medicaid ID numbers, and Social Security numbers. All that is more than enough information to steal 650,000+ identities.
Health Share has set up a toll-free call center, open Monday through Friday from 8:00am to 5:30pm. The service is available to any impacted individuals with questions or concerns, which is a fantastic additional step we don't often see when things like this happen. Now, if only it hadn't happened in the first place.