Oof. Oklahoma State University Center for Health Sciences is notifying 279,865 Medicaid patients of a hacking incident. Here is the notice from OSU’s web site:
Oklahoma State University Center for Health Sciences (OSUCHS) takes the privacy and security of our patients’ information very seriously. Regrettably, this notice is regarding an incident in which some Medicaid patient information may have been compromised.
On November 7, 2017, we learned an unauthorized third party had gained access to folders on the OSUCHS computer network. These folders stored Medicaid patient billing information. On November 8th, we took immediate action to remove the folders from the computer network and terminated the third party access. We also launched a thorough investigation, including hiring an independent data security firm. The firm assisted us in determining whether the folders had been compromised.
The investigation could not rule out whether the third party explicitly accessed patient information. The information in the folders may have included patients’ names, Medicaid numbers, healthcare provider names, dates of service, and limited treatment information. It is important to note these folders did not contain medical records. A single social security number was contained on the server.
We have no conclusive indication of any inappropriate use of patient information. However, out an abundance of caution, we began mailing letters to affected patients on January 5, 2018. We also established a dedicated call center to answer any questions our patients may have. If you believe your information was affected and do not receive a letter by February 15, 2018, or if you have questions regarding this incident, please call 1-844-551-1727, Monday through Friday, 8 am to 8 pm Central Time. For patients affected by this incident, please be alert to any healthcare services you did not receive from any of your providers. If you learn of any services you did not receive, please contact your provider and Medicaid immediately.
At OSU Center for Health Sciences, we care deeply about our patients. Patient confidentiality is a critical part of our commitment to care and we work diligently to protect patient information. We apologize for any concern or inconvenience this incident may cause our patients. Since this incident, we have implemented additional security measures to enhance the protection of our patient information.
Although the number of patients affected was not included in their notice, the incident was reported to HHS and appears on their web site.