“Thumbs” Down to Unsecured Thumb Drives: Major Medical Data Breach

A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing. "We deeply regret this unfortunate incident," said the president of the two affiliated Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. The September 20 breach, which involved the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare.The security failure involves nearly two-thirds of the insurers' subscribers. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said the head of Patient Privacy Rights, an advocacy group. The companies said that as of October 20, there had been no reports of anyone trying to use the information stored on the drive. The company said that of the 280,000 people affected, only seven members' Social Security numbers were included on the flash drive, along with the last four Social Security numbers of an additional 801 clients.