For the second time in one year, the Utah Department of Health is facing another data breach. According to a UDOH statement, an employee from an outside contractor – Goold Health Systems – lost an unencrypted USB memory stick containing personal information for 6,000 Medicaid clients. Goold processes pharmacy transactions for the UDOH.

It’s crucial for companies to take proper precautions against different types of security issues. While this event involves a lost device, the previous breach occurred last March when Eastern European hackers gained access to healthcare information for close to 780,000 Medicaid patients in Utah. Thorough risk assessments can help business leaders create a disaster recovery plan, which can help an organization fully recover after a data breach.

“There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal,” UDOH deputy director and state Medicaid director Michael Hales, said in a statement. “Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes.”

Hales added that UDOH understands that some individuals might be anxious over the breach, but the organization is taking all reasonable precautions to ensure that the missing data will not be used to harm individual clients or the Medicaid program. 

The memory stick did contain names, ages and identification numbers of Medicaid recipients, according to the UDOH press release. According to the Associated Press, the employee in question – whose name has not been released – violated both Health Department policy and the contract GHS had with the agency.

Educating employees of proper security protocols is extremely important for businesses to keep themselves protected from data breaches. Working with business continuity consultants can help organizations conduct thorough risk assessments and create prevention and recovery plans for numerous situations.