Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare.
According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure occurred as early as January 22, 2022. The files contained protected health information of those treated by Mediko between January 1, 2012, and July 7, 2022.
Mediko was notified of the configuration error on September 1.
Although they claim there is no evidence that any personal information was accessed, viewed, or acquired without permission, the patient information affected included name, date of birth, and limited health information, such as a diagnosis code and/or CPT code, treatment provider, and dates of treatment, and may have included Social Security numbers.
If you were or are an incarcerated person who might be affected, you may receive a letter from CorrectCare, who is directly mailing people for whom they have current addresses.
More details are provided in the notice on Mediko’s website, including an FAQ and how to enroll in complimentary credit monitoring services offered by CorrectCare.