A South Carolina man who accessed the confidential information of 228,435 Medicaid beneficiaries sent the cache of data to his own private email account and forwarded it to at least one other person, authorities say.
Christopher Lykes Jr. of Swansea, S.C., was arrested April 19 and charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information, the Columbia, S.C., newspaper The State reported.
Lykes is suspected of having gathered the confidential information, which included Medicaid beneficiaries' names, phone numbers, birth dates, addresses and Social Security numbers, and sending it to his personal Yahoo email account, in 17 spreadsheet files, beginning on Jan. 31 and ending April 2. More troubling: Lykes allegedly forwarded the spreadsheets to at least one other person, which increases the likelihood that the stolen records could be leveraged for identity theft or financial fraud.
Lykes, 36, was fired from his position at the South Carolina Department of Health and Human Services on April 11, the day after the HHS discovered the breach and seized his personal and work computers.
The illegally accessed records included 22,604 Social Security numbers, which doubled as people's Medicare ID numbers. Lykes allegedly obtained the records "through a reporting process," HHS director Tony Keck said. Investigators don't believe anybody's health or financial information was compromised as a result of the breach.
Keck said the breach "exposed a specific security weakness inside the agency that we have corrected. This was not an external event where someone hacked into the agency." He added, "We are disappointed that one of our own would violate that trust and are deeply apologetic for not preventing the inappropriate release of this information."