An employee who was transferring Medicaid members' information to the state's internet portal had removed security protections, making confidential data available with the click of a mouse, according to the St. Petersburg Times.
The data included personal information for some members of Georgia Families such as members' names, birth dates, dates of eligibility, member ID numbers or Social Security numbers, but did not contain credit card, debit card or financial account numbers, WellCare said.
WellCare said it is sending letters to members who could have been affected, and will offer to pay for one year of credit monitoring for those individuals.
The provider said it was not aware of any misuse of its member information, and does not believe the disclosure affected its Medicare-coordinated care, private fee-for-service or prescription drug plan membership, according to the release.
WellCare secured the data on its own computer systems on March 28, and had removed all information from the internet by April 2. The company said it has also hired a national IT firm to perform a full assessment of its security and private controls.
Tampa-based WellCare provides management care services exclusively for government-sponsored healthcare programs, focusing on Medicaid and Medicare.