Personal information on thousands of Georgia Medicaid patients was accessible on the Internet for at least a week in late March because of a goof by a Web site developer, Tampa-based WellCare Health Plans acknowledged Monday.

 

The company is sending out letters to 69,000 members of its Georgia Families program who may have been mentioned in the files, and is offering to pay for one year of credit monitoring.

 

The exposed files did not contain medical diagnoses or financial information, spokeswoman Amy Knapp said. However, they may have contained personal identifying information, including name, birth date, member identification number or Social Security Number.

 

In a press release posted on its web site Monday night, the president of WellCare’s Georgia region, Mike Cotton, apologized. “We regret that this incident occurred. WellCare takes the privacy and security of personal information very seriously.”

 

None of the company’s Georgia Medicare members were affected, the company said. No Florida members were affected.

 

WellCare has hired a national information technology firm to assess its security and privacy controls. Knapp said she could not identify the company.

 

WellCare could have uncovered the problem eight days sooner than it did. The first call from a member on March 20 was mistakenly referred to a state agency, Knapp said. When the second report came in on March 28, WellCare’s information technology security department was alerted.

For more, read WellCare's release.