by Sam Levin
Between October 16, 2011 and June 7, 2013, government officials with the MO HealthNet Division accidentally sent the personal information of more than 1,300 people to the wrong addresses. That is according to the Missouri Department of Social Services, which is, under federal and state privacy laws, required to notify affected individuals that their private information may have been disclosed.
The MO HealthNet Division, which reports to the social services department, is responsible for purchasing and monitoring health care services for low-income and vulnerable Missourians. The department apparently suffered from some sort of "software programming error" through one of its contractors over the roughly twenty-month period.
The agency says it discovered this problem exactly two months ago, but officials publicly announced the situation yesterday.
See also: - Schnucks: Massive Credit Card Security Breach May Have Impacted 2.4 Million People - Credit Card Security Breach: St. Louis Classical Guitar Society's Ticket Service Hacked - After GOP Gun Privacy Outcry, Gov. Says Missouri Won't Scan Concealed-Carry Docs
Daily RFT asked a spokeswoman with the social services agency why the notifications are taking place now if, as the department states in its August 5 press release, the problem was discovered on June 6, 2013. We have not yet received a response to this question and will update if we do.
In the meantime, what information may have been compromised?
"No medical or financial information was released as a result of the inadvertent mailing," the agency says.
However, the type of information potentially released includes a participant's name, date of birth, MO HealthNet identification account number, county name, phone number and the last four digits of a social security number. Infocrossing, Inc., one of MO HealthNet's contractors, did the incorrect mailings, the press release says. Officials are currently in the process of notifying a total of 1,357 individuals.
During the stated timeframe, apparently "some" of the MO HealthNet Managed Care Program correspondences were impacted. Officials have identified and corrected the software error, the agency says.
Individuals who receive a notification from MO HealthNet can call 877-309-0021, a toll-free number to address any concerns and to learn how to protect against identity theft.
Impacted consumers are also eligible to receive free continuous credit monitoring services and enhanced identity theft consultation and restoration for two years, officials say (while noting that "there is no reason to believe that any identity theft or other wrongdoing has occurred as result of this incident").
Infocrossing Inc. will pay for these services.
MO HealthNet Managed Care is operational in 53 counties as well as the city of St. Louis.
In response to our inquiry asking for more details on where the wrong information was sent, a spokeswoman writes to Daily RFT, "Letters were sent to a wrong address for the person intended, such as a former residence. These letters were not sent to all the same address."
At least one state Republican lawmaker is already slamming the problem and linking it to Governor Jay Nixon, a Democrat who, in the most recent legislative session, dealt with an ongoing gun owner privacy controversy.
Here's the full news release with a list of all relevant counties at the bottom.
MO HealthNet Notification of HIPAA Disclosure
Jefferson City, MO--MO HealthNet is in the process of notifying 1,357 individuals that some of their personal information was mailed to an incorrect address by one of its contractors, Infocrossing, Inc. The disclosure was caused by a software programming error.
No medical or financial information was released as a result of the inadvertent mailing. The type of information released potentially included participant name, date of birth, MO HealthNet identification account number (DCN), county name, phone number, and the last four digits of the social security number.
The incident was discovered on June 6, 2013. The software programming error impacted some of MO HealthNet Managed Care Program correspondence sent between October 16, 2011 and June 7, 2013. MO HealthNet has since identified and corrected the software error.
In compliance with federal and state privacy laws, MO HealthNet has sent written notices to individuals affected by the mailings, informing them that some personal information may have been disclosed. Individuals who receive a notification from MO HealthNet may call the following toll-free number 877-309-0021 to address any concerns and to learn how to protect against identity theft. Although there is no reason to believe that any identity theft or other wrongdoing has occurred as result of this incident, MO HealthNet, through Infocrossing, Inc., is offering affected consumers free continuous credit monitoring services and enhanced identity theft consultation and restoration for two years. These services are being offered to affected consumers at the courtesy of Infocrossing Inc. and at no additional cost to the taxpayer.
MO HealthNet Managed Care is operational in the City of St. Louis and the following counties of Missouri: Audrain, Bates, Benton, Boone, Callaway, Camden, Cass, Cedar, Chariton, Clay, Cole, Cooper, Franklin, Gasconade, Henry, Howard, Jackson, Jefferson, Johnson, Laclede, Lafayette, Lincoln, Linn, Macon, Madison, Maries, Marion, Miller, Moniteau, Monroe, Montgomery, Morgan, Osage, Perry, Pettis, Phelps, Pike, Platte, Polk, Pulaski, Ralls, Randolph, Ray, Saline, St. Charles, St. Clair, St. Francois, St. Louis, Ste. Genevieve, Shelby, Vernon, Warren, and Washington.