The New Mexico Human Services Department is notifying about 9,600 members of its Medicaid fee-for-service and Medicaid Salud health plans of a data breach involving a laptop computer carrying medical claims information, including members' names and health plan identification numbers, which in some cases were those members' Social Security numbers.
The department “is encouraging all members to protect themselves by placing a free fraud alert on their credit accounts,” according to a news release on the state agency's website.
According to its news release, the Human Services Department was notified of the breach on April 9 by DentaQuest, Boston, a dental health plan under contract as a provider of dental health benefits to the state's Medicaid beneficiaries.
According to its website, DentaQuest provides benefits to 14 million people in 20 states and the District of Columbia.
The breach, however, stems from the theft of data on a laptop computer reportedly in the trunk of a car stolen on March 20 in Chicago, according to the state agency.
The laptop belonged to an employee of a DentaQuest subcontractor, West Monroe Partners, a management and information technology consulting firm to the pharmaceutical industry, health plans and provider organizations as well as companies in other nonhealthcare industries, according to reports from the state agency.
According to the state, the missing computer was password-protected, but the data was not encrypted.
“At this time, the stolen car and laptop have not been recovered, and it is not known whether the information on the laptop has been accessed,” the state agency's statement said.
The breach has been reported to HHS as required for serious healthcare data losses under the breach notification provisions of the American Recovery and Reinvestment Act of 2009.
As of March 31, 64 healthcare organizations have made the list kept by the Office for Civil Rights at HHS of healthcare data breaches involving records of 500 persons or more. Overwhelmingly, theft of storage devices containing unencrypted data was the most common cause of breaches that made the list thus far.