Health Department Deputy Director and state Medicaid Director Michael Hales said that because the information did not include Social Security numbers or financial data, there's a minimal risk that the breach will lead to identity theft. The department has no reason to believe the data were targeted by anyone for "malicious purposes," Hales said in a statement.
The Health Department is in process of sending out letters to the individuals whose information was lost and said it is taking steps to protect them from potential fraud.
The agency's executive director, Dr. David Patton, said he's asked for a legal review of the contract with GHS and intends to pursue "whatever financial or contractual remedies are available in order to ensure GHS is held accountable for this serious mistake," he said.
Hudachko said the breach is frustrating for the department "because we've essentially spent the last nine months responding to the breach that we had last year."
He said that in the past nine months, the department has tried to figure out where to strengthen its system, enacted more than 100 new policies and trained almost 400 employees in data protection.
"Unfortunately, despite all those efforts that we've undertaken, it just takes one individual who steps outside of policy and disregard of protocol, and you've got an incident like this that happens," he said.
Though it was a contractor that lost the information, Hudachko said the department will still take full responsibility.