Thousands put at risk after data is stolen from state health department

Personal information for thousands of Michiganders was stolen because of a breech at the state level.

"This makes you wonder if you can trust the government,â?? said Stephen Turner, Professor, University of Michigan â?? Flint.

More than 2,500 health records, and 1500 social security numbers and Medicaid ID numbers are floating around in the wrong hands.

"I don't think that, under any circumstances that information should be leaked,â?? said Joe Squires, Clio.

An employee for a division of the Michigan Department of Community Health had their car broken into. A laptop and flash drive, both storing sensitive data, were stolen.

"They ask you to write your social security number down on all kinds of forms, and who knows where them forms end up,â?? said Squires.

"The hard drive is in less danger because it was encrypted. But because the flash drive wasn't University of Michigan professor Stephen Turner says the state made a big mistake, and that mistake has the state in a violation of its own health privacy laws.

"They have to do a better job of protecting our data by basically following the rules they've established,â?? said Stephen Turner, Professor, University of Michigan â?? Flint.

According to the Michigan Department of Community Health Departmentâ??s procedures, encrypting all devices is standard, and it violates procedure to leave any device like these unattended in a parked car.

"There are proper disciplinary actions being conducted right now, and that employee has also received counseling about the proper procedures for the State of Michigan,â?? said Angela Minicuci, spokesperson, MDCH.

The state is offering free credit monitoring to those impacted, but for someone who's been victim to identity theft before he describes it as a nightmare.

"It's kinda scary when you think, you could lose everything,â?? said Squires.

The state found out about this security breach in early February, but it wasn't until this week they could reconstruct the data to determine whose information was compromised.