SALT LAKE CITY — Personal information for Utah Medicaid recipients has once again been compromised after a USB memory stick containing the data was lost, the state Department of Health announced Wednesday.
Data for about 6,000 recipients was lost by an employee of an outside contractor while traveling, the agency said in a statement.
The security breach comes less than a year after the Department of Health announced hackers broke into a government server and stole the personal information of about 780,000 Medicaid recipients and participants in the Children's Health Insurance Program, including the Social Security numbers of about 280,000 of them.
Utah's chief technology officer resigned in the wake of the spring 2012 theft.
The Health Department on Wednesday said the most recent breach is limited to Medicaid recipient's names, Medicaid identification numbers, age and recent prescription drug use.
No Social Security numbers or financial information were included in the lost data, the department said.
The contractor, Goold Health Systems, handles Medicaid pharmacy transactions for the Health Department.
The GHS employee saved the personal information to an unencrypted USB memory stick and left the Health Department with the device. The employee, who has not been identified, lost the stick while traveling among Salt Lake City, Denver and Washington.
GHS confirmed the data were lost Tuesday, the Health Department said.
The employee violated both Health Department policy and the contract GHS had with the agency.
Health Department Deputy Director and state Medicaid Director Michael Hales said that because the information did not include Social Security numbers or financial data, there's a minimal risk that the breach will lead to identity theft. The department has no reason to believe the data was targeted by anyone for "malicious purposes," Hales said in a statement.
The Health Department has already begun notifying the individuals whose information was lost and said it is taking steps to protect those who were affected from potential fraud.
The agency's executive director, Dr. David Patton, said he's asked for a legal review of the contract with GHS and intends to pursue "whatever financial or contractual remedies are available in order to ensure GHS is held accountable for this serious mistake," he said.
Messages left with a spokesman for the Health Department were not immediately returned.
Copyright 2017, Deseret News Publishing Company