Personal info of 700+ Medicaid program participants possibly breached when laptop stolen
MADISON -- Information belonging to more than 700 people may have been breached when a laptop and work bag belonging to a "The Management Group" consultant was stolen on Feb. 5, officials with the Wisconsin Department of Health Services said in a news release Tuesday, April 3.
The consultant works with participants of the IRIS program: "a Medicaid Home and Community-Based Services (HCBS) waiver for self-directed long-term supports" -- "an option for adults with long term care needs." "IRIS is available to Wisconsin residents determined financially eligible for Medicaid, functionally in need of nursing home or Intermediate Care Facility for Individuals with Intellectual Disabilities (ICF/IID) level of care; and living in a county where managed long-term care and IRIS are available," according to the DHS website.
According to DHS officials, The Management Group officials mailed notifications to 779 participants on April 3 who received services from TMG who have potentially been impacted by this breach of information.
Due to the sensitive nature of data on the stolen laptop, all participants impacted by the breach have been offered one year of identity theft protection services without charge.
The stolen laptop was encrypted, but the password to the laptop was in the stolen work bag which is against company policy.
In a review of this case,The Management Group officials found the laptop may have contained personal information about IRIS participants, including names, addresses, dates of births, participation in IRIS, services, Medicaid numbers, financial information and Social Security numbers. Social security numbers of 23 participants were on the laptop.
The Management Group is taking additional steps to protect against further breaches of personal information, DHS officials said in the release. TMG is a business associate of the Wisconsin Department of Health Services and serves as an IRIS Consultant Agency for the IRIS Program.
Participants who believe they may have been affected but have not received a notification letter by April 9 or have questions about this incident, can call 844-864-8987 from 8:00 a.m to 5:00 p.m. Monday through Friday or email ComplianceGuide@tmgwisconsin.com(link sends e-mail).