From March 1 to May 10, 2017, an Internet URL made 12 Medicaid billing reports of PHI available.  The billing reports included names, Medicaid numbers, doctors names, costs, and services rendered for approximately 822 people.  SSNs, dates of birth, and addresses of patients were not included.  The Medicaid program is managed (and reviewed for security) by the Colorado Department of Health Care Policy and Financing.  Part of the Medicaid payment system is provided by contractor DXC Technology which went live March 1st.

When DXC Technology went live on March 1st, providers immediately began to complain about lag and denials in requests for reimbursement.  Some smaller doctor and therapist organizations claim to have been forced to take out loans or use credit cards to make their employee payroll.  DXC Technology has claimed they have no reason to believe this information has been used inappropriately and is offering one free year of ID theft protection.