Arizona’s Medicaid program accidentally sent emails including private health information belonging to over 3,000 Arizonans to the wrong people.
In a Sept. 26 press release, the Arizona Health Care Cost Containment System said it sent “misaddressed member communications” to 3,177 people on Aug. 29.
The data breach exposed Arizonans' names, AHCCCS identification numbers and health plan names. The letters did not include Social Security numbers, financial data or clinical information, according to the agency.
AHCCCS initially indicated the breach was related to a physical mailer sent to members.
In the release, the agency said it was notified of the issue "by a member who received a letter addressed to a different individual,” and that it “halted its mailing process and launched an internal investigation.”
However, following inquiries from KJZZ, an AHCCCS spokesperson clarified the incident was the result of human error by AHCCCS staff as it prepared an email distribution list, not a physical mailing.
“The file was processed internally by AHCCCS staff. No mail houses were involved. The breach was related to a Constant Contact email distribution,” according to a statement.
The agency notified affected members after learning about the issue.
“To prevent future incidents, AHCCCS has also implemented a more robust quality assurance process to strengthen safeguards around member communications,” according to the statement.
In a press release, AHCCCS encouraged affected members to utilize free credit reporting services to monitor their personal information and report any suspicious activity to law enforcement and the agency.
