Third party contractor Goold Health Systems, based in Maine, is behind a data leak in Utah, according to a report in the Salt Lake Tribune. Earlier this month, a Goold employee was having difficulty uploading a routine report onto a secure file server. Opting instead to save the data to an unsecured thumb drive, the data was later lost during the employee's cross-country travel.
The Utah Department of Health is in the process of notifying 6,000 Medicaid enrollees that their personal information, inluding names, ages and prescription information, was exposed by the error. The missing data does not include patient birth dates, Social Security numbers or financial information.
"We believe the potential risk for identity theft is minimal. Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes," said Utah Medicaid Director Michael Hales, in a statement.
The missing Medicaid data comes less than a year after a major breach of a Utah Department of Health server, which exposed hundreds of thousands of records containing Social Security numbers and other personally identifiable information. That breach, still under investigation, may result in fines for the state. According to a health department spokesperson, the state may seek restitution for this month's data leak from Goold.