Complain about a product or service

68,000 CalOptima Members at Risk in Data Breach

Missing CDs contain patient information, Social Security numbers

October 30, 2009

Data Theft • 68,000 CalOptima Members at Risk in Data Breach • Express Scripts Extortion Scheme Widens • Technology Could Be Key To Stopping Unauthorized Charges • T-Mobile: No Hacking in Data Breach • T-Mobile Confirms Data Breach • Consumers Increasingly Concerned About Online Transactions • Are Identity Theft Services Worth the Cost? • Online Tools Help Spot Financial Fraud • Financial Fraud Hits 7.5 Percent Of Americans In 2008 • Feds Charge Mortgage Broker In Potential Data Breach • Millions of Credit Cards Exposed in Data Breach • 2008 Data Breach Total Soars • Bank Data Breach Threatens 248,000 in North Carolina • GPS Not Foolproof • Countrywide Warns Millions of Data Breach • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, may be at risk of identity theft and fraud after several CDs containing their personal information disappeared while in transit, the agency reported.

"CalOptima's claims scanning vendor sent the electronic media devices to CalOptima through the U.S. Postal service by certified mail," the agency said. "On Tuesday, October 13, 2009, CalOptima discovered the apparent loss of the devices when the external packaging materials were delivered by the U.S. Postal Service without the box containing the devices."

The missing discs include patient information such as names, addresses, Social Security numbers, diagnoses, and billing codes. CalOptima said it notified state and federal agencies of the breach on October 14, and posted an alert on its Web site on October 15.

CalOptima is currently negotiating with one of the three major credit reporting agencies -- Equifax, Experian, and Trans Union -- to provide credit monitoring services for the affected members. The agency is also investigating why the data was not encrypted prior to its delivery.

The CalOptima incident comes at a sensitive time for rules governing data breaches or compromises. The economic stimulus package had initially contained rules that mandated disclosing breaches of personally-identifying health information held by organizations covered under the Health Insurance Portability and Accountability Act (HIPAA).

But the Department of Health and Human Services (HHS)'s interpretation of the law allows for a "harm standard," where the business affected does not have to disclose any information about the breach unless there is a risk of significant financial harm to itself or an affected individual. Critics say HHS' interpretation of the law effectively guts its usefulness as a data breach warning tool.

The CalOptima breach required mandatory reporting, even without the new laws, as some of the breached information included Social Security numbers.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share		Follow us on Twitter.