Medicaid Patients PHI Exposed at Oklahoma State University Center for Health Sciences

The computer network of Oklahoma State University Center for Health Sciences (OSUCHS) was accessed by an unauthorized individual resulting in the potential exposure of the billing information of Medicaid patients. OSUCHS discovered the security breach on November 7, 2017 and terminated network access on the next day.  Third-party computer forensics experts did a comprehensive investigation of the incident to know what part of the network the hacker accessed and which information he viewed or stole.

The investigation confirmed that someone potentially viewed files of patient health information. But there’s no certainty that the information were accessed or stolen. There’s no conclusive evidence that suggests patient information was misused as well.

As a safety precaution, all Medicaid patients potentially impacted by the data breach received notification letters by mail alerting them of the data breach. They were advised to be vigilant for the potential misuse of their personal information.

OSUCHS stated that medical records were not included in the breached information. Only names, Medicaid numbers, healthcare provider names, dates of service and some treatment information were compromised. There was only one Social Security number was contained in the compromised server.

Because of the breach, OSUCHS conducted a review of their security controls. They added extra measures to make sure that patient information are protected. There’s no mention yet regarding the breach on the Department of Health and Human Services’ Office for Civil Rights breach portal. Hence, it is not yet clear how many people were impacted.