Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 9th, 2008

Human Error Reveals WellCare Health Plans Members

WellCare of Georgia, Inc. today announced that a human error made some Georgia Families member data available on the Internet. On March 28th, WellCare secured the data on its own computer systems and by April 2nd, all WellCare member information had been removed from the Internet. WellCare Health Plans, Inc. provides managed care services exclusively for government-sponsored healthcare programs, focusing on Medicaid and Medicare. WellCare offers a variety of health plans for families, children, the aged, blind and disabled and prescription drug plans, currently serving more than 2.3 million members nationwide.

Private records of up to 71,000 Georgia families who are members of health insurance programs for the poor or working poor were accidentally made available on the Internet for several days, and some of the data may have been viewed by unauthorized people, Tampa-based WellCare Health Plans Inc. said today.

A human error allowed the information to be accessible for an unknown period of time, but that the secret data was removed from the Internet on April 2. It was not immediately known when the data breach occurred or how long the secret data was available. The state of Georgia said it was notified March 31.
A Web developer prepared a copy of a DCH report folder that was “to be deployed to our Georgia Web portal” but instead made it accessible on the Internet. She said at least 53 folders of names were accessed 248 times. About 10,500 members Social Security numbers may have been viewed by unauthorized people on the Internet, all members of Medicaid or PeachCare. There is a possibility that an initial 59,000 members may have had some personal information made accessible.

WellCare believes that this affected only our Georgia Families membership in Georgia, and not our Medicare coordinated care, private fee-for-service or prescription drug plan membership. The files exposed did not contain credit card, debit card or financial account numbers. They may have contained personal identifying information, such as a member’s name, birth date, dates of eligibility, Medicaid or PeachCare for KidsTM member identification number, social security number or other health plan related information.

At this time, WellCare is not aware of any misuse of its member information due to the accidental exposure of the file on the Internet. WellCare is now notifying in writing the members who could have been affected by this incident. Members should receive those letters by the middle of this week. WellCare is also offering to pay for one year of credit monitoring for those individuals.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Breach Involving Health Information In Elliot Health System
  • Coordinated DDoS Attack Brings MPAA Website Down
  • Griffin Electric Stolen Laptop Exposes Employee Data
  • Nine Out Of Ten Websites Are Vulnerable To Attack
  • Targeted Attack Hits Chinese Gmail Accounts, Google Might Exit China

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Human Error Reveals WellCare Health Plans Members

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.