Complain about a product or service

Georgia Agency Loses Data on 2.9 Million Residents

By Martin H. Bosworth
ConsumerAffairs.com

April 10, 2007

Data Theft • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

A contractor working for Georgia's Department of Community Health (DCH) disclosed that it had lost a computer disc containing personally identifying information on as many as 2.9 million Georgia residents enrolled in Medicare and the state's "PeachCare" child health program, state health officials said.

The contractor, Affiliated Computer Services (ACS), was hired to process health care claims and billing for the state. The disk, containing names, addresses, Social Security numbers, and birth dates, was being shipped from an ACS office in Atlanta to Maryland, according to company spokesman David Shapiro.

Shapiro said there was no evidence that the information had been used for identity theft, though the disk had apparently only been missing for several days. "We are treating this as a missing package," Shapiro said.

Shapiro said the company was still determining which law enforcement agencies to consult with over the breach. The company had already notified the U.S. Department of Health and Human Services and the Centers for Medicare and Medicaid Services, as well as Georgia's Office of the Attorney General and the Office of Consumer Affairs.

DCH requested that ACS provide information on how to get free credit reports and credit monitoring to the affected.

ACS, which bills itself as "a premier provider of business process outsourcing and information technology solutions," specializes in handling insurance claims and administration of state-level health care programs, according to its publicity materials. The company recently renewed a business outsourcing contract with Horizon BlueCross BlueShield of New Jersey.

The ACS breach is not the first Georgia has had to face in 2007. In early January, the Emory Healthcare network announced that another contracting agency had lost a computer containing data on 38,000 patients that had received cancer treatment in their hospital

Last year a contractor working for Perot Systems misplaced several compact discs containing data on 260,000 patients in the Sisters of St. Francis hospital chain, located in Indiana and Illinois. The discs were in a bag that a Perot employee lost, but was quickly recovered.

Alongside equipment losses and outside data hacks, outsourcing of technology services is one of the prime contributors to potential data breaches, as it opens up the business process to many new potential vulnerabilities. Personal medical histories and billing information are particularly dangerous when lost, as thieves can use them for "medical identity theft," wherein they will use the stolen data to pay for expensive medical procedures and leave the victim holding the bill.

Stolen information often finds its way into the "underground economy" of black-market Internet chat rooms that specialize in the sale of personal data. Cybercriminals and thieves will often mix and match the stolen data into new "synthetic" identities that are much harder to detect as fraudulent, and may never be picked up by typical credit protection services.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |