Georgia Patients’ Records Exposed on Web for Weeks
A company hired by the State of Georgia to administer health benefits for low-income patients is sending letters to notify tens of thousands of residents that their private records were exposed on the Internet for nearly seven weeks before the error was caught and corrected, a company spokeswoman said on Thursday.
The records of as many as 71,000 adults and children enrolled in the Medicaid or PeachCare for Kids programs were inadvertently posted on Feb. 12, said Amy Knapp, a spokeswoman for the company, WellCare Health Plans Inc., whose headquarters are in Tampa, Fla.
The company learned on March 28 that the information was publicly accessible, Ms. Knapp said, and it took five more days to remove all the data, which included names, Social Security numbers, birth dates, Medicaid or PeachCare for Kids numbers, and dates of eligibility for insurance programs.
An employee who was updating information for the Georgia Department of Community Health posted the normally secure data to an unsecured Web site by mistake, Ms. Knapp said.
Lisa Marie Shekell, the department’s communications director, said there was no evidence that any of the information had been improperly used.
WellCare Health Plans has offered to pay the patients for credit monitoring services for a year, Ms. Knapp said.
This is the second time in a year that records for Medicaid and PeachCare for Kids participants in Georgia have been compromised.
Last April, the Department of Community Health announced that a different private contractor had lost a computer disk containing data on 2.9 million people. The disk, which was apparently lost in the mail, was never recovered.