The confidential health information of 1,615 Medicaid patients may have been compromised by the North Carolina Department of Health and Human Services (NC DHHS) on August 19, 2015, though the fact that this potential breach occurred was not made public until October 19, 2015. According to Kendra Gerlach, a spokeswoman for NC DHHS, the potential breach occurred when an NC DHHS employee:
inadvertently sent an email to the Grenville County Health Department without first encrypting it. The information disclosed included the individuals’ first and last name, Medicaid identification number, provider name, provider ID number and other information related to Medicaid services. The social security number of two individuals who used this number as their Medicare ID number was also disclosed. Even though it cannot be confirmed at this time whether the unencrypted email was intercepted, all individuals that may have been affected were mailed a breach notification letter on October 16, 2015.
For those individuals who were potentially affected by this breach and individuals that may find themselves on the receiving end of a breach notification letter from a physician practice or other entity, it is beneficial that you contact one of the three nationwide consumer reporting companies and place an initial fraud alert on your credit reports. This alert will help prevent someone from opening new credit accounts in your name. A report to one agency is sufficient, because the agencies are by law required to share that information with each other. The three main consumer credit reporting agencies can be reached as follows:
Equifax: Equifax Credit Information Services, Inc.
P.O. Box 740241
Atlanta, GA 30374-0241
P.O. Box 6790
Fullerton, CA 92834-6790
In addition to placing an initial fraud alert, individuals should regularly check their bank account statements and credit card bills for any activity that appears to be out of the ordinary.
It is important to carefully review the breach notification letter that you receive carefully so that you understand what specific information was disclosed, when it was disclosed and to whom it was disclosed. If you have any questions, contact the person designated in the letter as soon as possible.