Service Coordination Inc. Breach of Personal Identity Information of 9,700 Individuals

Tuesday, March 18, 2014
By Margo Page

Personal Identity Information Data Breach for 9,700 Individuals with Disabilities by Service Coordination, Inc.

Based on what I learned about Service Coordination Inc. from my employment there between December 2013 and February 2014, it does not surprise me that Service Coordination, Inc. was responsible for the Social Security Numbers (SSN) and Medical Assistance (MA) numbers of over 9,700 Marylanders being exposed via a computer hack.  Service Coordination, Inc. serves a large quantity of individuals without allocating adequate IT resources to ensure the security of the individual’s private personal identity information.  Instead, the organization has only a small IT department that is overworked attending to system maintenance.  Keeping all of the information for over 70% of the organization’s clients in one document is a glaring mistake to anyone remotely familiar with the concepts of hacking.  Encryption is a fairly easily employed method to ensure safety of client information.  However, no such tactics were utilized.

Service Coordination Inc. clients are not assigned identity numbers for internal reference in lieu of SSNs and MA numbers.  The Health Insurance Portability and Accountability Act of 1996 (HIPAA) clearly outlines that all private information, and especially SSNs and MAs are only shared within the company on a need-to-know basis.  However, Service Coordination keeps SSNs numbers listed on numerous paper files as well as in the database system which is easily accessible to all employees.

Service Coordination, Inc. is very laid-back regarding the safe-keeping of client documents.  Client documents containing SSNs and MA numbers are frequently taken out of the office by employees.  My supervisor told me that I need not return the documents to the office before going home at the end of the day.  This is a HIPAA violation because the documents could get lost or stolen when taken to various client meeting places, and employees are not allowed to take documents with client information home.  It is surprising that although Service Coordination was aware of this computer hack when it occurred in October, they made no emphasis to staff on the importance of safeguarding client information over the past few months.

People with disabilities are especially vulnerable to identity theft.  It is really unfortunate that these 9,700 some individuals had their personal identity information stolen due to the negligence of a company they entrusted to safeguard their information.   Hopefully this event will persuade some current and potential clients to utilize another Maryland organization for these services instead of Service Coordination Inc.  Other information obtained in this computer hack were Medicaid numbers, Medicaid Waiver statuses and reasons, demographics and other information related to Service Coordination’s case management services.

I will be writing more about Service Coordination, Inc.’s practices in the near future.  More about this incident can be found at the following links.

http://www.washingtontimes.com/news/2014/mar/17/md-nonprofit-serving-disabled-reports-data-breach/

http://articles.baltimoresun.com/2014-03-17/health/bs-md-health-data-breach-20140317_1_social-security-numbers-intellectual-and-developmental-disabilities-hacking

http://www.wfmd.com/articles/wfmd-local-news-119935/frederick-firms-computer-hacked-12163596

http://www.sfgate.com/news/article/Md-nonprofit-serving-disabled-reports-data-breach-5325469.php

http://www.foxbaltimore.com/news/features/top-stories/stories/md-nonprofit-serving-disabled-reports-data-breach-26332.shtml#.UyhhT61dWCI

http://washington.cbslocal.com/2014/03/17/md-nonprofit-serving-disabled-reports-data-breach/

http://baltimore.cityandpress.com/node/7556482

http://www.sun-sentinel.com/topic/bs-md-health-data-breach-20140317,0,7153797.story

Advertisements

6 comments

  1. Well done, Johnny “Slim Dumas” Dumas is scum and only able to maintain his current position because he serves a population who needs the help of his own coworkers to advocate for themselves. If he served a population capable of fully advocating for themselves, he’d of been run off immediately. I have absolutely no clue what the current board sees in him. Instead, he fires off everyone not willing to sell their souls and replaces them with fresh ignorance and cowardice. Little Johnny D’ll probably see this as a victory, as now he can pretend to advocate for those he supposedly serves by helping them monitor the very mess he’s responsible for creating. This distraction will enable him to continue overlooking the real atrocities facing the developmentally disabled population in MD. I wonder if he gets any kick backs from all these new cyber security contracts… or if he has any old military buddies in the cyber security field? That’s a lot of new contracts. There are some wonderful people who have served/do serve as Service Coordinators, but the little bit of good they do is often in spite of the conflicted DDA/SC relationship instead of supported by it, and a truly independent resource coordination agency would run circles around these fools and the endless verbal masturbation that’s continuously spewed all over those they claim to serve.

    These, of course, are just my opinions. Thanks for all the laughs John 🙂 We’ll just all hope that nothing else goes wrong while you figure out the next Strategic Plan.

    Like

      1. Hello Margo Page, could we talk? This article is about me and I would like to share my side of the story.

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s