A rogue employee of a private contractor for Colorado Medicaid recently made news in IT security and technical support circles. Not to mention in the mainstream media.
And it sure wasn’t good news, either. Not for anyone involved.
According to reports, the rogue worker sent an email dated Nov. 21, 2013 to a personal email account – and that email contained sensitive information about more than 1,900 people enrolled in Colorado Medicaid.
The sensitive information obtained and released by the rogue employee reportedly included names, addresses, birth dates, telephone numbers, health conditions and Medicaid ID numbers. All of this information is protected under the Health Insurance Portability and Accountability Act of 1996.
Unfortunately for Colorado Medicaid – and close to 2,000 of their clients and customers – that information wasn’t protected too well from this one highly unaccountable employee. An employee who didn’t even work for them, but rather for a private contractor called Colorado Community Health Alliance.
Colorado Community Health Alliance (or CCHA for short) learned of the incident the next day, secured the employee’s laptop, and then fired the employee. A CCHA spokesperson said that the employee signed a release stating that the email had since been deleted. The spokesperson also said the case was then referred to federal authorities for further investigation. The Department of Health Care Policy and Financing later said that the illegally obtained information may have been meant for the employee’s personal business use.
The resulting fallout required Colorado Medicaid to notify the 1,918 people impacted in the incident that their sensitive – and federally protected – information had been leaked to an outside source.
That is a lot of information, about a lot of people – doing a lot of damage to the Colorado Medicaid and CCHA brands, resulting in a lot of worry for a lot of innocent people, and costing everybody involved a lot of time and energy.
And it was all easily obtained and shared by a single rogue employee.
This incident vividly illustrates the need for a company to ensure and implement IT security in today’s at-times uncertain and unethical online environment. One could argue that Colorado Medicaid’s decision to contract some services out to CCHA ended up costing the brand much, much more than whatever they may have saved in what was likely a cost-cutting, penny-pinching maneuver.
One could also argue that if incidents like this are occurring when U.S.-based companies outsource IT and technical support services to other U.S.-based contractors, the risk of similar security breaches and public relations disasters is much, much higher when a business decides to sign on with an outsource provider who “hodge-lodges” its various “employees” all over the globe – and lets them work remotely to boot.
We have blogged about the dangers of outsourcing technical support before, and it’s a point that we feel a great need to continue to hammer home as we enter into 2014. Data privacy and security concerns are nothing new, and anything can happen just about anywhere, at any time. But the more variables you can eliminate in the equation, and the more confident you can feel in the quality of the people, companies and cultures involved – the better off you and your business will be.
At Be Different Solutions, all of our people are not only highly qualified and motivated, but also based in one of our two offices in the United States or Europe. We believe that having people work from one central location greatly improves and promotes strong security, accountability and performance.
With us, you’ll never have to experience the many pitfalls of poorly placed, undertrained and underpaid technical support services in far-flung locales. And you can have more confidence that the people you’re paying for can be trusted and held accountable for their performance and actions.