HP Enterprise Services LLC (HPE), a Medicaid fiscal agent for the Indiana Health Coverage Program, recently notified HHS of the theft of 1,235 members’ information. The theft was discovered on September 16 and reported to HHS by HPE on November 7.
According to a statement provided to media, a laptop bag stolen from an HPE employee’s car contained both an encrypted HPE laptop and a printed report relating to the employee’s work on behalf of the Indiana Family and Social Services Administration (FSSA. The printed report included the following information:
- Medicaid Member ID
- Member Name
- Social Security Number
- Medicaid case number
- Date of birth (included for a subset of individuals)
No other member information was included in the stolen report, and HPE informs DataBreaches.net that HPE was able to disable the laptop so that no information could be accessed from it.
Although the employee was not violating any HPE policies or procedures at the time of the incident, HPE updated its internal policies and protocols in response to the incident to ensure that a similar event does not occur in the future. They also offered affected members one year of credit monitoring services.