LITTLE ROCK, Ark. – Officials with the Arkansas Department of Human Services said they have discovered a data breach that released client data.
The officials said the breach came on Sept. 16 when an employee sent emails from her DHS email account to her personal Yahoo email account. The emails had attachments of spreadsheets that listed 925 DHS Medicaid clients who had been diagnosed with the flu.
Listed in the attachments were the person’s Medicaid ID, date of birth, gender, county, zip code and diagnosis. Officials noted that names, Social Security numbers full addresses and financial information were not disclosed in the breach.
Department officials added that they had notified the affected clients by mail about the breach.
In a release announcing the breach, DHS officials said staff is trained on security, including patient privacy. The release also stated that part of the training includes using secure and encrypted email and not using personal email for client health information.
Officials said the department had taken steps to prevent a data breach like this from taking place in the future.
If DHS clients have questions or concerns, they may contact the DHS Privacy Office by email at DHSPrivacyOfficer@dhs.arkansas.gov or by phone at 1-855-283-0835.