Presented by the Privacy and Data Security Practice Group

Legal Updates for Privacy and Data Security - January 2018

By
David J. Shannon

OSU Center for Health Sciences Announces Fourth Largest Health Care Breach of 2017

By David J. Shannon, Esquire

The Oklahoma State University Center for Health Sciences (OSU-CHS) just publicly announced a November 2017 data breach that resulted in potential unauthorized access to approximately 280,000 patients' Medicaid and health records. According to OSU-CHS, patient names, Medicaid numbers, healthcare provider names, dates of service and limited treatment information may have been included in the breach. OSU-CHS did point out that only a single social security number was potentially compromised. News reports indicate that the Center's forensic investigation could not confirm nor rule out whether the data breach perpetrator accessed patient information. Data breach notification letters were sent out this week to patients who may have been affected. Reports indicate that OSU-CHS has not advised the affected individuals whether they will be offered credit monitoring services or any other data breach remedies. This incident is the second major breach involving Medicaid data that has been publicly reported since January 1, 2018. Earlier this month, Florida's Agency for Healthcare Administration reported a data breach that impacted approximately 30,000 individuals as a result of a November 2017 phishing attack. This new publicly-acknowledged data breach once again serves as an example to all businesses and public entities, as well as their insurers, that any entity with personal health information, even if it does not include financial information or social security numbers, is at risk for a significant data breach -- and the accompanying costs and negative publicity that surround it.

 

The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. To be removed from our list of subscribers who receive these complimentary Privacy and Data Security updates, please contact djshannon@mdwcg.com. If however you continue to receive the alerts in error, please send a note to djshannon@mdwcg.com. ATTORNEY ADVERTISING pursuant to New York RPC 7.1 © 2018 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.