• 5
  • Hospitals
  • 5
  • NJ
  • 5
  • State of New Jersey Department of Human Services, Division of Medical Assistance and Health Service

State of New Jersey Department of Human Services, Division of Medical Assistance and Health Service

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The New Jersey Department of Human Services, specifically the Division of Medical Assistance and Health Services, experienced a data breach that affected some NJ FamilyCare clients. This incident involved the accidental disclosure of names and the last four digits of Social Security numbers. The breach occurred when 1095B tax forms, which confirm health coverage from NJ FamilyCare, were mailed out incorrectly to 842 households on or after April 11. These forms mistakenly included information for individuals not part of the recipient’s household. The Department has since initiated an investigation, found the cause to be a data compiling error, and is taking steps to prevent future occurrences. They have also requested those who received incorrect information to destroy the forms and are reviewing and updating their mailing procedures[1].

Additionally, another security incident was reported involving the potential exposure of personal information and protected health information (PHI) due to a data security incident at the Division of Medical Assistance and Health Services. This incident was discovered on March 17, 2023, when an applicant found their Asset Verification System report, a document generated during the Medicaid application process, in search engine results. The Department responded by removing the document from the search engine, conducting an internal investigation, and patching the system error that allowed the information to be publicly available. It was found that limited Medicaid application documents for certain individuals were also publicly available through search engines. These documents have since been removed from the search engines, and the Department has engaged third-party forensic investigators to assist with the investigation and remediation[7].

Citations:

  1. https://www.nj.gov/humanservices/njfcdata.html
  2. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  3. https://www.cyber.nj.gov/threat-analysis-reports/healthcare-and-public-health-sector
  4. https://www.nj.gov/humanservices/news/pressreleases/2023/approved/20230711.shtml
  5. https://njfamilycare.dhs.state.nj.us/docs/NJFC-HIPAA.pdf
  6. https://www.commerciallitigationupdate.com/new-jersey-takes-aggressive-action-against-alleged-hipaa-violations
  7. https://www.mass.gov/doc/assigned-data-breach-number-30001-state-of-new-jersey-department-of-human-services/download
  8. https://www.njleg.state.nj.us/bill-search/2022/S3714/bill-text?f=S4000&n=3714_I1
  9. https://www.nj.gov/oag/newsreleases20/pr20201008b.html
  10. https://www.njoag.gov/new-jersey-health-care-providers-will-adopt-new-security-measures-and-pay-425000-to-settle-investigation-into-two-data-breaches/
  11. https://www.njleg.state.nj.us/bill-search/2024/S2052/bill-text?f=S2500&n=2052_I1
  12. https://www.justice.gov/opa/pr/justice-department-finds-state-new-jersey-violated-us-constitution-deficient-care-two-state
  13. https://www.hipaajournal.com/hipaa-breaches/
  14. https://www.njconsumeraffairs.gov/ocp/Pages/cyberfraud.aspx
  15. https://www.njcourts.gov/system/files/court-opinions/2023/a0886-21.pdf
  16. https://www.hhs.gov/about/news/2023/06/05/hhs-office-civil-rights-reaches-agreement-health-care-provider-new-jersey-disclosed-phi-response-negative-online-reviews.html
  17. https://www.njcourts.gov/system/files/court-opinions/2023/a2446-20.pdf
Breach Submission Date May 16, 2023
Converted Entity Name State of New Jersey Department of Human Services, Division of Medical Assistance and Health Service
Converted Entity Type Health Plan
State NJ
Individuals Affected 552
Breach Type Unauthorized Access/Disclosure

Breach Information Location Electronic Medical Record, Other

Business Associate Present Yes