Personal data for 10,000 Missourians exposed, including some Social Security numbers
The Missouri health department is mailing letters to about 10,000 people whose personal information — including in some cases Social Security numbers — may have been exposed in a security breach.
The Missouri Department of Health and Senior Services said in a statement that an information technology contractor improperly stored the information in an electronic file that was not password-protected.
The contractor stored the information some time before September 2016. It included names, dates of birth, identification numbers issued by some state agencies and, according to the department, “a very limited number of Social Security numbers.”
“The types and amount of personal information retained by the contractor varied by person,” the news release said. “Each person did not necessarily have all types of personal information listed.”
Those affected by the breach are encouraged to monitor their financial accounts for suspicious activity and keep an eye on their credit reports. Other options include contacting the three major credit reporting agencies — Equifax, Experian and TransUnion — and requesting fraud alerts or a temporary credit freeze.
Medical data breaches are relative common nationwide, but in recent years Missouri has had more than its share for a state its size.
The latest breach comes on the heels of a “mailing error” by a state Medicaid contractor this summer that exposed the health information of almost 20,000 children and an email “phishing” scam at Children’s Mercy Hospital that compromised the data of 60,000 more.
According to the health department there’s no evidence yet that anyone viewed or used the personal information exposed in the latest breach for nefarious purposes.
But Randall Williams, the director of the health department, said he believed the contractor may have broken privacy laws just by retaining the data the way it did.
“The state learned of this incident on the Thursday before Labor Day,” Williams said in a statement released by the department. “We immediately worked with other State agencies over the Labor Day holiday to prevent any dissemination of this data now or in the future. Present leadership takes very seriously our requirement to protect information, and we have referred our findings to the appropriate law enforcement authority.”