Advertising Disclosure Email Disclosure

Law Alert for Privacy and Data Security

January 19, 2018
Presented by the Privacy and Data Security Practice Group

OSU Center for Health Sciences Announces Fourth Largest Health Care Breach of 2017

By David J. Shannon, Esquire

The Oklahoma State University Center for Health Sciences (OSU-CHS) just publicly announced a November 2017 data breach that resulted in potential unauthorized access to approximately 280,000 patients' Medicaid and health records. According to OSU-CHS, patient names, Medicaid numbers, healthcare provider names, dates of service and limited treatment information may have been included in the breach. OSU-CHS did point out that only a single social security number was potentially compromised. News reports indicate that the Center's forensic investigation could not confirm nor rule out whether the data breach perpetrator accessed patient information. Data breach notification letters were sent out this week to patients who may have been affected. Reports indicate that OSU-CHS has not advised the affected individuals whether they will be offered credit monitoring services or any other data breach remedies. This incident is the second major breach involving Medicaid data that has been publicly reported since January 1, 2018. Earlier this month, Florida's Agency for Healthcare Administration reported a data breach that impacted approximately 30,000 individuals as a result of a November 2017 phishing attack. This new publicly-acknowledged data breach once again serves as an example to all businesses and public entities, as well as their insurers, that any entity with personal health information, even if it does not include financial information or social security numbers, is at risk for a significant data breach -- and the accompanying costs and negative publicity that surround it.


The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. To be removed from our list of subscribers who receive these complimentary Privacy and Data Security updates, please contact If however you continue to receive the alerts in error, please send a note to ATTORNEY ADVERTISING pursuant to New York RPC 7.1 © 2018 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.

Affiliated Attorney

David J. Shannon
Chair, Privacy and Data Security
(215) 575-2615

Practice Areas

Before you send this email please note:

You are attempting to send email, through a link on our website, to an attorney of Marshall Dennehey Warner Coleman & Goggin or an employee in our firm. Please note that your email may not be treated as confidential and does not create an attorney-client relationship. You should not rely upon the transmission of an email through this website if you are seeking to enter into such a relationship. Until such time as we have agreed to represent you, no information in your email will be treated as confidential. Please contact us directly by telephone at 1.800.220.3308 if it is your intent to seek legal counsel with our firm or convey confidential information.

If it is still your intent to send this email, knowing that it may not be treated as confidential, you may accept our terms of agreement by pressing "OK". If you choose not to accept these terms of agreement you may navigate away from this page by pressing "Cancel."