cognitive cybersecurity intelligence

News and Analysis


Indiana gets the summertime blues

Summarize this content to a maximum of 60 words: This summer is hardly going to be a walk on the beach for Indiana Family and Social Services Administration, who instead will be handling the fallout from this year’s largest reported HIPAA breach to date.This July the agency notified 187,533 clients that their protected health information, financial and employment data and, in many cases, Social Security numbers have been compromised following a computer programming glitch.The breach, which resulted in clients receiving personal and private documents belonging to other clients, occurred after FSSA contractor RCR Technology Corporation made a computer programming error to a document management system the company supports for FSSA. This error caused documents being sent to clients to be duplicated and also inserted with documents sent to other clients.Client information compromised include patient names; addresses; dates of birth; demographic data; contact information; types of benefits received; monthly benefit amount; employer information; financial data such as monthly income and expenses; bank balances and other assets; medical information such as providers, disability benefits and medical condition; and certain information about the client’s household members like name, gender and date of birth.Moreover, of the 187,533 clients, 3,926 may have had their Social Security numbers disclosed.”We at RCR Technology Corporation apologize that our actions may have caused some FSSA client information to be disclosed in error,” said Robert C. Reed, president of RCR Technology Corporation, in a July 1 press statement. “We will do everything possible to prevent such an incident from happening again in the future.”Jim Gavin, spokesperson for Indiana FSSA, said the error occurred in a customized code developed specifically for the document center.”The issue occurred in one component of the document management system consisting of customized java code created specifically for use on our eligibility system,” wrote Gavin in an emailed statement to Healthcare IT News. “The specific problem was an improperly used variable.”Officials say the programming error was made on April 6 and affected correspondence sent between April 6 and May 21. The error was discovered on May 10. RCR determined the root cause of the programming error and it was corrected on May 21, according to officials.”Clients entrust their information to us and we take the security of that information very seriously,” said Debra Minott, FSSA secretary, in a July 1 press statement. “We are ultimately responsible for the safekeeping of that information and regret that in this rare instance some information may have been accidentally shared inappropriately.”FSSA is providing clients with the option of a 90-day fraud alert. Most HIPAA-covered entities following a breach provide patients or clients with a year of complimentary fraud alert and credit monitoring services.This is the second HIPAA breach for the Indiana FSSA. In 2012, the agency reported the theft of a company laptop containing the protected health information of 757 clients.

Source: –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts