Security Breach Exposes Healthcare Recipients' Data

Social Security numbers were printed on address labels used in a mass mailing sent by the California Department of Health Care Services.
A labeling blunder has exposed the private data of nearly 50,000 of California's most vulnerable healthcare recipients. Their Social Security numbers were printed on address labels used in a mass mailing, state officials said.

The California Department of Health Care Services notified its beneficiaries of the security breach within several days of the Feb. 1 mailing. Many of the those affected are blind, have Alzheimer's disease, or suffer some other cognitive disabilities, the Los Angeles Times reported.

DHCS officials said the Social Security numbers were included on address labels sent by department employees to a mailing contractor. The labels were used on envelopes carrying letters notifying recipients of changes in benefits.

The DHCS was notified of the mistake Feb. 4 and started sending notification letters to beneficiaries two days later. The agency advised beneficiaries to contact credit reporting agencies and place fraud alerts on the opening of any new accounts.

The DHCS said the Social Security numbers did not have any spaces or dashes, which may have made them appear to be a random nine-digit number to people other than the recipients. To date, no one affected by the breach has reported being a victim of identity theft as a result of the incident.

The DHCS said it has boosted security to prevent a recurrence. "We have implemented additional safeguards governing the release of Social Security numbers, and our mailing vendor has implemented additional quality control measures to prevent such errors from occurring in the future," David Maxwell-Jolly, director of DHCS, said in a statement released Monday.

The DHCS is not the first healthcare organization involved in a security breach of confidential information. Last November, Connecticut Attorney General Richard Blumenthal said his office was investigating Blue Cross Blue Shield's loss of confidential information, including tax identification numbers and Social Security numbers, for 800,000 healthcare providers nationwide.

Last year, hackers had access to a server at the University of California, Berkeley, and stole personal information associated with as many as 160,000 students, alumni, and parents. The compromised server housed information from the UC Berkeley campus health services center.

Editors' Choice
Evan Schuman, Contributing Writer, Dark Reading
Tara Seals, Managing Editor, News, Dark Reading
Jeffrey Schwartz, Contributing Writer, Dark Reading