Tuesday, March 18, 2014
By Margo Page
Personal Identity Information Data Breach for 9,700 Individuals with Disabilities by Service Coordination, Inc.
Based on what I learned about Service Coordination Inc. from my employment there between December 2013 and February 2014, it does not surprise me that Service Coordination, Inc. was responsible for the Social Security Numbers (SSN) and Medical Assistance (MA) numbers of over 9,700 Marylanders being exposed via a computer hack. Service Coordination, Inc. serves a large quantity of individuals without allocating adequate IT resources to ensure the security of the individual’s private personal identity information. Instead, the organization has only a small IT department that is overworked attending to system maintenance. Keeping all of the information for over 70% of the organization’s clients in one document is a glaring mistake to anyone remotely familiar with the concepts of hacking. Encryption is a fairly easily employed method to ensure safety of client information. However, no such tactics were utilized.
Service Coordination Inc. clients are not assigned identity numbers for internal reference in lieu of SSNs and MA numbers. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) clearly outlines that all private information, and especially SSNs and MAs are only shared within the company on a need-to-know basis. However, Service Coordination keeps SSNs numbers listed on numerous paper files as well as in the database system which is easily accessible to all employees.
Service Coordination, Inc. is very laid-back regarding the safe-keeping of client documents. Client documents containing SSNs and MA numbers are frequently taken out of the office by employees. My supervisor told me that I need not return the documents to the office before going home at the end of the day. This is a HIPAA violation because the documents could get lost or stolen when taken to various client meeting places, and employees are not allowed to take documents with client information home. It is surprising that although Service Coordination was aware of this computer hack when it occurred in October, they made no emphasis to staff on the importance of safeguarding client information over the past few months.
People with disabilities are especially vulnerable to identity theft. It is really unfortunate that these 9,700 some individuals had their personal identity information stolen due to the negligence of a company they entrusted to safeguard their information. Hopefully this event will persuade some current and potential clients to utilize another Maryland organization for these services instead of Service Coordination Inc. Other information obtained in this computer hack were Medicaid numbers, Medicaid Waiver statuses and reasons, demographics and other information related to Service Coordination’s case management services.
I will be writing more about Service Coordination, Inc.’s practices in the near future. More about this incident can be found at the following links.