September 1, 2023

A data breach exposed private health information of more than 200,000 Medicaid clients in Indiana

A data breach exposed private health information of more than 200,000 Medicaid clients in Indiana

The private health information of more than 200,000 Medicaid clients in Indiana may have been exposed in a data breach that affected companies worldwide late May.

The Indiana Family and Social Services Administration announced Friday that the names, addresses, social security numbers, health conditions, member ID and plan name of 212,193 Medicaid members in Indiana who are part of a CareSource managed care plan may have been exposed in the breach.

The breach occurred in a software called MOVEit.

“CareSource immediately remediated the breach. CareSource notified FSSA and is contacting all Medicaid members affected with information and options for credit monitoring,” a press release by the FSSA said.

This announcement comes after an earlier announcement that the private information of more than 700,000 Medicaid clients in Indiana was exposed as part of the same breach.

“The names, addresses, case numbers and Medicaid numbers of more than 744,000 members of Indiana Medicaid were exposed in the breach,” according to the FSSA's press release in August. “Social Security numbers of four additional Medicaid members were impacted.”

That breach also occurred in the software MOVEit used by Maximus Health Services, a third party contractor.

Medicaid clients in other states were also impacted.

A class action lawsuit was filed in the Southern District of Ohio against CareSource on Sep. 4 on behalf of Medicaid clients impacted by the data breach. The suit alleges that CareSource failed to secure the personal identifying information and personal health information “of over three million people that it was entrusted to safeguard.” 

“As a result of its failure to do so as described below, the following types of personal information are now in the hands of criminal hackers: names, addresses, birthdates, Social Security numbers, and sensitive medical information including “health conditions,” “medications,” “allergies,” and “diagnosis”,” the according to the lawsuit.

The breach has impacted around 1,000 organizations and 60 million people globally, according to TechCrunch.

This story was updated on Sep. 5, 2023 at 4 p.m. ET.

Contact Farah Yousry at

Support independent journalism today. You rely on WFYI to stay informed, and we depend on you to make our work possible. Donate to power our nonprofit reporting today. Give now.


Related News

Affordable housing for people in recovery will offer wraparound services and child care
Coalition of 100 Black Women, Men to host health fair this Saturday at Eastern Star Church
New east side pharmacy aims to accept all Medicaid plans and slash drug prices