The Utah Department of Health says human error caused the most recent data breach, where the personal information of 6000 Medicaid clients was lost on a thumb drive.
The mistake was made by an employee of a third-party contractor, Goold Health Systems, which processes pharmacy claims for Utah’s Medicaid program. State Health Department spokesman Tom Hudachko said the employee should never have downloaded data onto an unencrypted thumb drive.
“This was a case of human error, and an individual failing to follow the protocols and policies that we have in place,“ said Hudachko.
The department has been working on shoring up security since last year’s massive data breach by hackers who exposed the information of 780,000 Utahns. Hudachko said the newly created Office of Health Information and Data Security has implemented more than 100 new policies that deal with securing data, and health department employees have received hours of training on data security standards.
“It’s certainly frustrating and disheartening to have another data security incident occur within nine or so months of the large data breach that happened last year, especially given the efforts we’ve undertaken to prevent these types of things from happening,” said Hudachko.
In response to the latest incident, the department is reviewing its contract with Goold Health Systems, and looking at what sorts of penalties they can levy to hold the company accountable.