A
computer flash drive containing the names, addresses, and personal health
information of 280,000 people is missing. "We deeply regret this
unfortunate incident," said the president of the two affiliated
Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health
Plan. The September 20 breach, which involved the records of Medicaid
recipients, is the first such Medicaid data breach in Pennsylvania since at
least 1997, according to the state's Department of Welfare.The security failure
involves nearly two-thirds of the insurers' subscribers. The insurers said the
drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia.
It noted that the same flash drive was used at community health fairs.
"That seems grossly irresponsible," said the head of Patient Privacy
Rights, an advocacy group. The companies said that as of October 20, there had
been no reports of anyone trying to use the information stored on the drive.
The company said that of the 280,000 people affected, only seven members'
Social Security numbers were included on the flash drive, along with the last
four Social Security numbers of an additional 801 clients.