Some Massachusetts seniors are at risk
Technorati Tag: Security Breach
Date Reported:
11/30/07
Organization:
State of Massachusetts
Contractor/Consultant/Branch:
Executive Office of Health and Human Services
Victims:
Prescription Advantage insurance program members*
*Prescription Advantage is a state-run program that offers drug insurance to seniors in Massachusetts.
Number Affected:
150,000
Types of Data:
"personal information"
Breach Description:
Authorities arrested an identity thief in August, 2007 who had been using information obtained from the Massachusetts Prescription Advantage program in an attempted identity theft scheme. It is not yet clear how the thief obtained the information.
Reference URL:
PC World Story
Information World Story
The Boston Herald Story
Report Credit:
Associated Press via The Boston Herald
Response:
From the sources cited above:
Thousands of senior citizens are being warned about a computer security breach involving the state’s Prescription Advantage program.
[Comfyllama] It seems like senior citizens are among the easiest prey for identity thieves.
Executive Office of Health and Human Services spokeswoman Alison Goodwin wouldn’t say what kind of personal information may have been compromised, such as names, addresses or Social Security numbers.
Local authorities arrested a lone identity thief in August who had been using information taken from the program in an attempted identity theft scheme, said Alison Goodwin, a spokeswoman for the state's Executive Office of Health and Human Services.
Goodwin could not add many details on the nature of the breach, citing an ongoing criminal investigation, but she said Prescription Advantage is conducting an internal review of the incident to determine if additional security measures might be required.
[Comfyllama] If data leaked, then I would say that additional security measures are probably required. Sounds obvious, but to some it just doesn't sink in.
The data breach did not affect all members of the program, Goodwin said
[Comfyllama] I wonder how this conclusion is drawn? If the breach does not affect all 150,000 then why inform 150,000? Maybe Prescription Advantage doesn't know who was affected and who wasn't.
Prescription Advantage recently began notifying 150,000 members potentially affected, as required by state data-breach laws.
"A few members were recently the victims of attempted identity theft," the state said in a Nov. 19 letter sent to possible victims.
[Comfyllama] OK, here it states that a few members were victims of identity theft and earlier statements said the identity thief "had been using information taken from the program".
The staff that maintains the program has "no reason to believe" that any Prescription Advantage members' data has been misused, the letter adds.
[Comfyllama] Here, the letter states that there is no reason to believe that any data was misused?! A little confusing and contradictory. If confidentiality cannot be assured, assume it has been lost.
Members who have questions about the breach can call Prescription Advantage during regular business hours: 1- or 1- for those who are hearing impaired.
Commentary:
Much is left in the dark about this breach. I certainly hope that more details are being shared with victims. They should demand it.
I am curious about too many things to even mention them all.
Past Breaches:
October, 2007 - Massachusetts DPL sends Social Security numbers in mail
Date Reported:11/30/07
Organization:
State of Massachusetts
Contractor/Consultant/Branch:
Executive Office of Health and Human Services
Victims:
Prescription Advantage insurance program members*
*Prescription Advantage is a state-run program that offers drug insurance to seniors in Massachusetts.
Number Affected:
150,000
Types of Data:
"personal information"
Breach Description:
Authorities arrested an identity thief in August, 2007 who had been using information obtained from the Massachusetts Prescription Advantage program in an attempted identity theft scheme. It is not yet clear how the thief obtained the information.
Reference URL:
PC World Story
Information World Story
The Boston Herald Story
Report Credit:
Associated Press via The Boston Herald
Response:
From the sources cited above:
Thousands of senior citizens are being warned about a computer security breach involving the state’s Prescription Advantage program.
[Comfyllama] It seems like senior citizens are among the easiest prey for identity thieves.
Executive Office of Health and Human Services spokeswoman Alison Goodwin wouldn’t say what kind of personal information may have been compromised, such as names, addresses or Social Security numbers.
Local authorities arrested a lone identity thief in August who had been using information taken from the program in an attempted identity theft scheme, said Alison Goodwin, a spokeswoman for the state's Executive Office of Health and Human Services.
Goodwin could not add many details on the nature of the breach, citing an ongoing criminal investigation, but she said Prescription Advantage is conducting an internal review of the incident to determine if additional security measures might be required.
[Comfyllama] If data leaked, then I would say that additional security measures are probably required. Sounds obvious, but to some it just doesn't sink in.
The data breach did not affect all members of the program, Goodwin said
[Comfyllama] I wonder how this conclusion is drawn? If the breach does not affect all 150,000 then why inform 150,000? Maybe Prescription Advantage doesn't know who was affected and who wasn't.
Prescription Advantage recently began notifying 150,000 members potentially affected, as required by state data-breach laws.
"A few members were recently the victims of attempted identity theft," the state said in a Nov. 19 letter sent to possible victims.
[Comfyllama] OK, here it states that a few members were victims of identity theft and earlier statements said the identity thief "had been using information taken from the program".
The staff that maintains the program has "no reason to believe" that any Prescription Advantage members' data has been misused, the letter adds.
[Comfyllama] Here, the letter states that there is no reason to believe that any data was misused?! A little confusing and contradictory. If confidentiality cannot be assured, assume it has been lost.
Members who have questions about the breach can call Prescription Advantage during regular business hours: 1- or 1- for those who are hearing impaired.
Commentary:
Much is left in the dark about this breach. I certainly hope that more details are being shared with victims. They should demand it.
I am curious about too many things to even mention them all.
Past Breaches:
October, 2007 - Massachusetts DPL sends Social Security numbers in mail
Posts Atom 1.0
I remember reading about this! Although the thief used information from just a small number of participants in the scheme, state data-breach laws require that the 150,000 people who could have possibly been affected by the breach be contacted. Do you know what the punishment for the thief was?
Reply to this
No. Unfortunately, I can't locate any information about what happened to the thief. I couldn't even find record of any charges being filed.
I suspect that charges would have been filed in Worcester County, but I'm not sure about this either. Maybe a reader knows more...
Reply to this