Personal information of 17,743 Medicaid recipients in NYS breached


Gary Muntz of Whitesboro says when he received a letter this week from the State of New York Office of Medicaid Inspector General, or OMIG, he was shocked.

The letter stated that a recent incident within OMIG may have resulted in the potential exposure of his recipient information.

"I've been through four floods in the past three years, and now this," he said,

Muntz, of flood-prone Sauquoit Street in Whitesboro says he is worried that someone may use his personal information.

"I'm worried about my Social Security number being used, or my name, or whatever purpose these people wanted it for, so they can open other accounts up or whatever," Muntz said.

The letter, dated July 12 says, "An OMIG employee, without any authority from OMIG management, released protected health information to that employee's home computer. OMIG first learned of the incident on October 18th, 2012. The employee was immediately placed on administrative leave, pending a complete investigation of the situation."

Muntz wanted to know why it took OMIG nine months to inform people of the breach.

Wanda Fisher, Director of Public Information with OMIG told NEWSChannel 2 on Friday afternoon their reason for the nine-month time span.

"When an investigation is underway, every effort must be made to preserve the integrity of the investigation," Fisher said.

According to Fisher, information from a total of 17,743 recipients was downloaded onto that employee's computer.

In a statement on the OMIG website, it also says, "Since this incident occurred, OMIG has devised tighter controls in its information technology department to limit access to data, ensuring that only those investigators and auditors who need data for specific investigatory or auditing purposes can retrieve such information."

Utica Attorney Mark Wolber says that even though OMIG currently believes no one's personal information has been used in any way, this investigation may end up being far reaching.

"If that employee is online, there are people who can hack that information," Wolber said. "So even though the intention was to go to the home computer, the availability of that information to a wide variety of people who have the ability to hack into people's computers is way beyond the individual. This is a very serious situation."

Wolber also says Muntz and other Medicaid recipients affected may have recourse if something does end up happening with their personal information.

"There is potential for civil liability, both against the individual as well as perhaps against the State," Wolber said. "Criminal liability, I think the answer is yes as well, because in this type of situation, it could lead to some type of fraud and it could lead to some type of theft or larceny."

Gary Muntz says he has already done what OMIG urged him to do in the letter, which is to contact one of the three major credit reporting agencies and to issue a fraud alert in his name. That means that if someone tries to open an account in his name, he will be notified.

As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file as well.

The letter sent out also urges people to get a free credit report and look closely to see if there is any suspicious activity and if there is, they should contact their local police department.

If you have received a letter and have any questions at all, you are urged to call OMIG at 1-855-809-7205.

What's On