A November data breach at the Oklahoma State University Center for Health Sciences may have provided a third party with Medicaid patient information, according to OSU officials.
Patient names, Medicaid numbers, health care provider names, dates of service and limited treatment information might have been included in the breach, which was discovered Nov. 7, according to OSU-CHS.
Financial information and medical records were not compromised, an OSU news release says.
OSU-CHS officials said an investigation by an independent data security firm could not confirm, nor rule out, whether the unauthorized party accessed patient information.
After learning that a third party gained access to folders on a server that stored Medicaid patient billing information, officials removed the folders and terminated the access. They also shut down the affected server, according to the release.
In a statement, Dr. Johnny Stephens, chief operating officer and senior vice president of OSU-CHS, said it has “taken significant steps to strengthen our network against any future unauthorized intrusion” and that the center “sincerely regret(s) the concern and any potential impact this incident may have on those we serve.”
Letters were sent this week to notify patients who may have been affected. They were told to watch for discrepancies in billing statements and to notify their provider and Medicaid if any were found.
Those with questions about the breach are asked to call 1-844-551-1727, 8 a.m. to 8 p.m. Monday through Friday. Additional information about the breach can also be found at health.okstate.edu.