OMIG Identifies Security Breach

Albany, NY – On October 12, 2012, an employee of the Office of the Medicaid Inspector General (OMIG) is suspected of having made a personal decision, without agency involvement or authorization from OMIG leadership or his or her personal supervisors, to send 17,743 records of Medicaid recipients to his or her own personal e-mail account.  This employee conducted this action without the collaboration of other OMIG staff.

The private information which may have been exposed includes, but may not be limited to, first and last name, date of birth, Medicaid client information number, and Social Security number. 

The employee is on administrative leave while a full, independent investigation is being conducted by the New York State Inspector General’s office.  OMIG is cooperating fully with this investigation.

“OMIG expects all employees to act in a professional, ethical manner while in the workplace, and will not tolerate behavior that leads to the release of confidential information,” said Medicaid Inspector General James C. Cox. 

OMIG followed all processes and procedures necessary following such a breach, including notifying each individual whose information was potentially compromised.  OMIG sent each person a letter containing instructions on how to monitor his or her credit, as well as ways in which to ensure that what was inappropriately sent to the employee’s home computer not translate into identity problems for the individuals involved.

Since this incident occurred, OMIG has devised tighter controls in its information technology department to limit access to data, ensuring that only those investigators and auditors who need data for specific investigatory or auditing purposes can retrieve such information.  Under this enhanced approach, the employee would not have had access to the information included in this breach.

OMIG has also retrained all agency employees on data security, using a nationally accredited program.

OMIG has recommended that the individuals involved place an alert on their credit reports by contacting the three major credit reporting agencies (Equifax, Experian, and TransUnion).  These agencies will provide free credit monitoring services for one year.

OMIG has also set up a toll-free number for individuals to contact if they have questions about this situation: 1-855-809-7205.  OMIG has a dedicated e-mail for people to use as well: security@omig.ny.gov.

-30-

New Yorkers can assist the Office of the Medicaid Inspector General in fighting fraud, waste, and abuse by reporting potentially suspicious behavior or incidents.  OMIG encourages anyone who observes instances of potential Medicaid fraud, waste, or abuse to contact OMIG’s fraud hotline at 1-877-87-FRAUD or visit the Web site at www.omig.ny.gov. Tips can be completely anonymous, and OMIG investigates information from all calls. #NYFightsFraud.

Our mission is to enhance the integrity of the New York State Medicaid program by preventing and detecting fraudulent, abusive, and wasteful practices in the Medicaid program and recovering improperly expended Medicaid funds while promoting high-quality patient care.