Review: SC Medicaid agency exposed data to cybertheft risk

February 19, 2016 by Seanna Adcox

A four-decade-old computer system and poor safety measures at South Carolina's Medicaid agency exposed the personal health information of roughly 1 million residents to risk of cybertheft, according to a federal report released Friday.

The findings by the U.S. Department of Health and Human Services' Office of Inspector General include that the Medicaid agency did not—at the time of its evaluation in 2013—have a security plan for its , had no encryption for laptops and had not properly trained employees. The purposefully did not give specifics.

Director Christian Soura said Thursday that his agency has already implemented the safeguards recommended by the report: "The good news for us is that we've taken action on every one of the findings."

The report notes inspectors found no evidence that any hacking of Medicaid data had occurred.

"Although we did not find evidence that anyone had exploited these weaknesses, exploitation could have resulted," the report said. "The weaknesses were collectively and, in some cases, individually significant and could have compromised the integrity of the state's Medicaid program."

That agency processed $5 billion in claims for 966,602 beneficiaries in 2012, the report states.

The federal review followed the massive hacking at South Carolina's Revenue Department, which involved information stolen from the electronically filed tax returns of 3.8 million adults and 700,000 businesses. The 74 gigabytes of stolen data included unencrypted Social Security numbers—of the adults and their 1.9 million dependents—and bank account numbers.

According to the 's office, it chose South Carolina for review because of the fall 2012 cybercrime at Revenue, a breach earlier that year in the Medicaid agency and concerns about the nation's oldest computer system for paying Medicaid providers.

The state is in the process of replacing that system, which is between 35 and 40 years old. The new system is not expected to be operating until June 2018, said Soura.

The federal government, which is funding 90 percent of the cost, should receive formal plans in the coming weeks. Federal approval is required before the state's contract bidding process can start, he said.

The overhaul is expected to cost more than $100 million total.

Soura said improvements and training will be ongoing to deal with new security threats as technology changes.

In April 2012, a former project manager at his agency was arrested for compiling the data of more than 228,000 Medicaid recipients on a spreadsheet and sending it to his private email account. He was later sentenced to three years of probation and community service.

No one has been arrested for the Revenue hacking.

Explore further: Haley admits hacking errors; revenue chief resigns

Related Stories

Haley admits hacking errors; revenue chief resigns

November 20, 2012

(AP)—South Carolina Gov. Nikki Haley says a report on a massive security breach in the state's tax collection agency shows officials could have done more to protect personal information for nearly 4 million taxpayers.

'Coverage gap' likely to affect 5.2 million uninsured adults

October 18, 2013

(HealthDay)—About 5.2 million uninsured adults are expected to fall into the Affordable Care Act (ACA) 'coverage gap,' with incomes too high to qualify for Medicaid programs but below the level eligible for federal subsidies ...

Medicaid rolls grow in states resisting health law

May 14, 2014

A new report says at least a half-million more people have signed up for Medicaid in states that thus far have refused a federal offer to expand eligibility for the safety-net program for the poor.

Recommended for you

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.