Skip to main content
The troubled non-emergency medical transportation provider for metro-area Medicaid patients suffered a previously unreported data breach in November, which authorities say exposed the personal information of more than 650,000 people.
GridWorks was a contractor to Health Share of Oregon, a consortium of local health care and insurance providers. Health Share serves more than 300,000 Medicaid clients through the Oregon Health Plan.
In a statement today, Health Share said that GridWorks suffered a theft at its Portland office Nov. 18 but did not inform Health Share that a computer containing unprotected client data was among the items stolen until Jan. 2.
Health Share spokeswoman Stephanie Vandehey says Health Share is revealing the breach today rather than when it learned of it because it took weeks to notify all the legal and regulatory agencies and establish protocols for helping members deal with the potential misuse of their personal information.
"The member information located on the laptop includes members' names, addresses, phone numbers, dates of birth, social security numbers, and Medicaid ID numbers," Health Share said in a statement. "Members' personal health histories were not exposed,"
Health Share determined that the computer contained personal information 654,362 people, which is about double the number of current Health Share members. (The number is so large because the computer held information for former Health Share members as well.)
The Health Share consortium includes Adventist Health, CareOregon, Central City Concern, Clackamas County, Kaiser Permanente, Legacy Health, Multnomah County, Oregon Health & Science University, Providence Health & Services, Tuality Health Alliance and Washington County.
Health Share is notifying members of the breach in a letter sent out today. It will offer those affected a year of free credit monitoring, fraud consultation and identity restoration services.
"Though the theft took place at an external vendor, we take our members' privacy and security very seriously. We are ensuring that members, partners, regulators, and the community are made fully aware of this issue," Maggie Bennington-Davis, MD, interim CEO and Chief Medical Officer said in a statement. "We are committed to providing the highest quality service to our members, which includes protecting their personal information."
As WW previously reported, Gridworks failed last year, leading to non-payment of the small companies that actually transport thousands of Health Share members to medical appointments each day. That failure caused financial hardship for the providers and in December, Health Share announced that it would step in and cover the unpaid bills and seek a replacement for Gridworks.
Further information about the theft can be found here.