If you’re looking for a reason why control of federal programs like Medicare shouldn’t be given over to the states, as many South Carolina Republicans demand, look no further.
Officials with the state Department of Health and Human Services announced Thursday that the personal information of nearly 230,000 recipients of Medicare and Medicaid — nearly a third of South Carolina’s system that provides health care for the elderly and poor — was stolen after a DHHS employee copied the data for their personal use.
At a press conference attended by top brass such as Gov. Nikki Haley and SLED Director Mark Keel, DHHS Director Tony Keck described an information heist resembling Wikileaks suspect Bradley Manning’s alleged theft of State Department cables. Keck said a low-level employee with access to a trove of patient information began systematically forwarding the data to a personal Yahoo account between January 31 and April 10.
Keck said the names, birthdates and Medicaid numbers of 228,425 South Carolinians were accessed by the employee. In turn, the Social Security numbers of 220,604 Medicare recipients were also stolen because Keck said their Medicare and Social Security numbers are the same.
“I’ve worked through hurricanes and the BP oil spill, and this is one of the most troubling events of my career,” commented Keck, who said officials were more concerned with external hackers than with security breaches from within.
Over 90% of the data was stolen from patients living in five counties, according to officials: Allendale, Bamberg, Barnwell, Lexington and Richland. It’s not clear whether that concentration was intentional.
Still no motive
Officials did not give many details about the employee, who was later identified as 36-year-old Christopher Lykes, but said the information was sent to at least one other person. SLED investigators have seized Lykes’ work and home computers, according to Keel, and have issued subpoenas to discover who else has the information.
Keck initially told reporters he didn’t know what the employee intended to do with the information. When questioned later by Palmetto Public Record, Keck said DHHS officials speculated the data could be used for direct mail and marketing campaigns. With state primaries and general elections right around the corner, Keck’s admission raises the possibility that the security breach will be exploited for political purposes — much like how state Republicans trumpeted the Department of Motor Vehicles’ bogus claim that over 900 “dead” people voted in recent elections.
The security breach also exposes the state to millions in fraudulent Medicaid claims, not to mention millions in potential fines for allowing federal and state medical privacy laws that may be broken. In addition, the stolen information puts hundreds of thousands of South Carolinians at risk for identity theft.
Keck said anyone whose data was released will be contacted via letter, and will receive a year of free identity protection. DHHS has also begun reviewing all department data requests, and has hired an external IT firm to conduct a security audit.
In addition, officials said the Inspector General will begin look at any areas in other departments where a similar security breach could be exploited.
UPDATE: Well, it didn’t take long for Republicans to start exploiting the security breach for political gain. SCGOP Executive Director Matt Moore is telling reporters that Lykes serves on the executive committee of the Lexington County Democratic Party. So far the party has yet to comment, but it now makes sense why Gov. Haley would want to give so much attention to a security failure by one of her own agencies.