McIntire blasted Segal for the security lapse in a letter sent to the company last week. In the letter, she expressed her "deep dissatisfaction that an expert consultant could overlook the inclusion of Social Security numbers in a document that was to be publicly posted and disseminated to potential bidders." "I assume there is no need to point out to you the sensitivity of Social Security numbers or the harm that may flow from unauthorized access to those numbers," McIntire said in the letter. "We did not expect to encounter this kind of problem as a result of your work."

She went on to ask for Segal's full cooperation in helping the state correct the problem.

In an e-mailed statement, Segal said that the mistake resulted from the difficulty involved in distinguishing SSNs from employer identification numbers (EIN), since both are nine digits.

"The Social Security numbers that were released had been used as provider identifiers in the Cigna database," Segal said in the statement, noting that in most cases, providers used their EINs as identifiers. "This is an unfortunate circumstance. Segal has reached out to the state to help rectify the situation and alleviate any provider concerns."