State Officials Encourage Precautions After Lapse in Email Encryption Protocol


Raleigh, N.C. - The North Carolina Department of Health and Human Services is notifying affected citizens and the U.S. Health and Human Services Office for Civil Rights of a Nov. 30, 2016, incident in which protected health information was sent to health care providers via an unencrypted email.

The email contained remittance information for monthly financial assistance for adult care and group homes licensed to accept state/county special assistance. Identifying information of 12,731 Medicaid recipients residing in the homes included individuals’ first initial, last name, Medicaid identification number and name and address of the home in which they reside.

The DHHS Privacy and Security Office was notified of the incident. While DHHS cannot determine for certain that the email was not intercepted during transmission over the open internet, DHHS has no reason to believe the information was compromised in any way. After this incident DHHS began using identification numbers that do not reflect protected health information or require encrypted email.
DHHS has mailed letters to all affected individuals and their guardians notifying them about the incident. The department has also recommended steps to protect against fraud, such as putting an alert on their credit files and keeping an eye on their bank statements and credit card bills for unusual or unauthorized activity.

If individuals are concerned about credit fraud, they may contact any of the following credit bureaus to ask that a fraud alert be placed on their account:
•    Equifax: 1-800-525-6285 
•    Experian: 1-888-397-3742 
•    TransUnion: 1-800-680-7289 
If you may have been affected by this incident and have questions, please call 1-800-662-7030.