Security Breach in South Carolina Medicaid System

A man in South Carolina has been charged with six counts in relation to an alleged identity theft incident that resulted in the loss of secure personal information for more than 225,000 South Carolina Medicaid patients. Christopher Lykes Jr., age 36, faces up to 10 years in prison if he’s convicted of the identity theft related charges. Mr. Lykes had been a project manager for the South Carolina Department of Health and Human Services, a position which allowed him to collect the confidential information. He then apparently sent this information to his own unsecured e-mail account, and may have sent it to at least one other person. Officials are still investigating the case.

After the data breach came to light on April 10th, South Carolina officials acted quickly and contacted the affected individuals with letters. They also provided notification letters to state Medicaid providers, and created a hotline where individuals can call for more information. State officials have since launched an investigation of the security procedures surrounding the computer systems that house sensitive Medicaid data.

Though the South Carolina data breach appears to be intentional, it is much smaller than the recent loss of patient information in Utah. In the Utah case, computer hackers located in eastern Europe found that a state employee had been using a weak password on a state computer server. The hackers used that weak password to steal information on almost 1,000,000 Utah Medicaid patients.

Both of these cases highlight the potential risks involved anytime you give personal information to anyone, including your healthcare providers. If you are worried about possibility of identity theft, you should closely monitor your credit reports and may want to consider a credit freeze. A credit freeze is when you contact each of the consumer credit bureaus and prevent them from issuing your credit report to anyone, thus preventing anyone from opening a new account in your name.