Disability Rights Wisconsin (DRW) suffered a breach potentially exposing Wisconsin Medicaid members' protected health information (PHI).
In Wisconsin, a security breach involving DRW, a partner of the Department of Health Services (DHS), potentially exposed the PHI of 19,150 Medicaid members. The issue came to light when suspicious activities were detected on an email account belonging to DRW. Both DHS and DRW are actively investigating this matter to prevent further complications.
To address the concerns of those affected, DRW is sending out notification letters on June 21, 2024, and is offering a year of free credit monitoring. They've also set up a dedicated call center to handle any questions. Starting June 24, affected members can reach out to the center on weekdays between 8:00 a.m. and 8:00 p.m. CDT.
Medicaid is a public health program in the United States that provides health coverage to millions of Americans. This includes eligible low-income adults, children, pregnant women, elderly adults, and people with disabilities. Funded jointly by the federal and state governments, it helps cover medical costs for individuals and families who may not have the financial means to afford healthcare on their own.
The people who benefit from Medicaid are diverse. It supports families that are struggling financially, ensuring that children and pregnant women receive necessary medical services without undue financial strain. It also assists elderly individuals, many of whom are on fixed incomes and might have extensive healthcare needs that Medicare does not fully cover, such as long-term nursing care and other services. It also acts as a lifeline for individuals with disabilities, providing them access to specialized medical care and supportive services that help them lead more independent lives.
See also: HHS OIG recovers billions in healthcare crackdown
Due to the vulnerability of the groups covered under Medicaid, groups are often less equipped to handle the repercussions of identity theft and fraud, the breach serves as an unnecessary stressor. These individuals may already be facing life challenges, and dealing with the consequences of compromised personal information, such as stolen identities or financial fraud, can add severe stress and complexity to their lives. For example, the elderly might not have the digital literacy to address fraud effectively, while low-income families might not have the resources to secure their compromised data quickly.
According to a statement released by the Wisconsin DHS, “Today, the Wisconsin Department of Health Services (DHS) announced that one of its partners, Disability Rights Wisconsin (DRW), had a security incident that may have exposed the protected health information of 19,150 Wisconsin Medicaid members.
The incident was discovered after suspicious activity was found on a DRW email account. DHS and DRW continue to investigate and address any complications from this data security incident.”
See also: HIPAA Compliant Email: The Definitive Guide
Protected Health Information refers to any information in a medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing a healthcare service.
The Breach Notification Rule is a HIPAA regulation requiring healthcare providers, insurers, and their business associates to notify individuals, the Secretary of Health and Human Services, and sometimes the media if there is a breach of unsecured protected health information.
The best way to communicate a breach notification is through direct, clear, and timely written communication, like HIPAA-compliant email.