Michigan long-term care HIPAA breach affects 2,595

A laptop and flash drive containing the personal information of about 2,595 people were stolen from an employee of Michigan's Long Term Care (LTC) Ombudsman’s Office, according to an April 3 Health Insurance Portability and Accountability Act breach notice issued by the Michigan Department of Community Health (MDCH).

The devices were stolen the evening of Jan. 30 or early morning Jan. 31, and MDCH learned about the breach Feb. 3. Information on the laptop was encrypted, but data on the flash drive were not, and the data contained sensitive information regarding participants that the LTC Ombudsman’s Office serves.

The flash drive contained personal information about 2,595 living and deceased individuals, including names, addresses and, for some individuals, dates of birth. Of those, 1,539 records also included a Social Security number or a Medicaid identification number, MDCH officials said in the notice. The theft has been reported to the police, but, to date, the laptop and flash drive have not been recovered, they said.

All individuals with data on the flash drive are being notified so that they can monitor their accounts and other financial affairs for any unauthorized use. MDCH is working with the LTC Ombudsman’s Office to offer credit monitoring services at no cost to people whose Social Security number or Medicaid number were compromised. In addition, a credit file death suppression service is being offered to the families of deceased individuals to assist them in securing their deceased loved ones' credit files, officials said.

Healthcare Informatics is a sister media brand to Long-Term Living.


Topics: Executive Leadership , Technology & IT