Medicaid coordinated care organization (CCO) Health Share of Oregon today disclosed a data breach exposing the health and personal info of 654,362 individuals following the theft of a laptop owned by its transportation vendor GridWorks IC.
The non-profit organization is Oregon’s largest Medicaid CCO and it serves the Oregon Health Plan (Medicaid) members in Clackamas, Multnomah, and Washington counties.
“On January 2, 2020, Health Share of Oregon learned that the personal information of its members was located on a laptop stolen from GridWorks IC, Health Share’s contracted non-emergent medical transportation (Ride to Care) vendor,” says the CCO in a statement issued today.
“The break-in and theft occurred at GridWorks’ office on November 18, 2019.”
Data breach exposes personal and health information
The stolen laptop includes several types of member information including members’ names, addresses, phone numbers, dates of birth, Social Security numbers, and Medicaid ID numbers.
According to Health Share’s statement, the personal health histories of its members were not exposed as part of this incident.
Health Share is sensing letters to all the members who had their information stored on the stolen device, with the letter to include an offer of 1 year of free identity monitoring services including credit monitoring, fraud consultation, and identity theft restoration.
Though the theft took place at an external vendor, we take our members’ privacy and security very seriously. Therefore, we are ensuring that members, partners, regulators, and the community are made fully aware of this issue. — Health Share of Oregon
In direct response to this vendor data breach, Health Share will expand contractor annual audits, as well as enhance training policies and make sure that patient information transmitted to partners and members is kept to the bare minimum required.
“We are committed to providing the highest quality service to our members, which includes protecting their personal information,” interim CEO and Chief Medical Officer Maggie Bennington-Davis said.
Financial statements and credit reports monitoring advised
While Health Share doesn’t know if the thief found its members’ information on the stolen laptop, it urges all affected members that will receive a breach notification letter to take advantage of the free one year of identity monitoring services.
Health Share also set up a dedicated, toll-free call center at 1-800-491-3163, available between Monday and Friday, 8:00 am to 5:30 pm for questions and concerns.
The CCO also reminds potentially impacted members that they can also put a ‘security freeze’ on their credit file for free to “stop any credit, loans, or other services from being approved in your name without your approval.”
In case their info has been misused, Health Share members are also advised to file a complaint with the Federal Trade Commission, as well as a police report in case of identity theft or fraud.