As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, are contacting their credit agencies and checking their bank accounts this week after several CDs containing their personal information vanished in the mail.
The unspecified number of missing discs included patient data including names, addresses, Social Security numbers, medical diagnoses and billing codes. Making matters much worse, the discs were not encrypted.
CalOptima said it contacted state and federal agencies on Oct. 14 and posted an alert on its Web site the following day.
“CalOptima’s claims scanning vendor sent the electronic media devices to CalOptima through the U.S. Postal service by certified mail,” CalOptima officials said in the posting. “On Tuesday, Oct. 13, CalOptima discovered the apparent loss of the devices when the external packaging materials were delivered by the U.S. Postal Service without the box containing the devices.”
Identity theft continues to be a major problem for online merchants, government agencies and ordinary consumers logging on to check their e-mail from home.
A recent survey by the Ponemon Institute found that of the 517 companies and organizations surveyed, 55 percent were securing credit card information but not other vulnerable data including Social Security numbers, bank account details and customer phone numbers and addresses.
It’s exactly this kind of data that thieves responsible for the largest cyber fraud bust in U.S. history, netting more than 100 hackers and scam artists located in both the U.S. and Egypt last month.
CalOptima said it is currently negotiating with one of the three major credit reporting agencies to provide free credit monitoring services for those patients affected. It’s also investigating why the data was not encrypted prior to its delivery.