COVID-19 in Washington: Links and resources to help you during coronavirus pandemic

State notifies 91,000 Apple Health (Medicaid) clients of data breach

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
Data pix.

OLYMPIA -- State health officials are notifying 91,000 Washington Apple Health (Medicaid) clients of a data breach by an employee.

The Washington State Health Care Authority said the information includes consumers' Social Security Numbers, dates of birth, client ID numbers and private health information.

Two state employees in two state agencies exchanged client files in violation of HIPAA, authorities said.

"Both employees assert that the exchange of information occurred because the HCA employee needed technical assistance with spreadsheets that contained the data and that the information was not used for any additional unauthorized purposes or forwarded to any other unauthorized recipients," according to a news release. "The breach was discovered in the course of a whistleblower investigation into misuse of state resources.

Clients must be notified because it was determined there was a breach of protected data and officials could not confirm what data stayed within the state's systems.

“Our first and foremost priority is protecting our clients’ personal information,” said HCA Risk Manager Steve Dotson. “We have taken swift action to address this issue and help prevent future incidents. I know this is stressful and concerning for those impacted, and we are doing everything possible to support them.”

“While we have no indication that the client files went beyond the two individuals involved, Important privacy laws were violated and we are exercising caution and due diligence given the nature of the information,” Dotson said.

Both employees have been "terminated," officials said.

Upon discovering the breach, HCA:

  • Conducted an internal investigation that included securing and searching the employee’s computer to understand what information was exchanged.
  • Partnered with the state agency whose employee was the recipient of the information to further understand what information was exchanged and to ensure HCA information was secure.
  • Worked to identify files containing private information and notify impacted clients.
  • Set up one year of free credit monitoring for impacted clients, a toll-free number and a web page for impacted Apple Health clients.
  • HCA covers more than 1.8 million Washington residents through the Apple Health program, which provides free health care to individuals with low incomes.

Click here for their website and toll free number. 

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.