September 1, 2023

A data breach exposed private health information of more than 200,000 Medicaid clients in Indiana

Farah Yousry
A data breach exposed private health information of more than 200,000 Medicaid clients in Indiana

The private health information of more than 200,000 Medicaid clients in Indiana may have been exposed in a data breach that affected companies worldwide late May.

The Indiana Family and Social Services Administration announced Friday that the names, addresses, social security numbers, health conditions, member ID and plan name of 212,193 Medicaid members in Indiana who are part of a CareSource managed care plan may have been exposed in the breach.

The breach occurred in a software called MOVEit.

“CareSource immediately remediated the breach. CareSource notified FSSA and is contacting all Medicaid members affected with information and options for credit monitoring,” a press release by the FSSA said.

This announcement comes after an earlier announcement that the private information of more than 700,000 Medicaid clients in Indiana was exposed as part of the same breach.

“The names, addresses, case numbers and Medicaid numbers of more than 744,000 members of Indiana Medicaid were exposed in the breach,” according to the FSSA's press release in August. “Social Security numbers of four additional Medicaid members were impacted.”

That breach also occurred in the software MOVEit used by Maximus Health Services, a third party contractor.

Medicaid clients in other states were also impacted.

A class action lawsuit was filed in the Southern District of Ohio against CareSource on Sep. 4 on behalf of Medicaid clients impacted by the data breach. The suit alleges that CareSource failed to secure the personal identifying information and personal health information “of over three million people that it was entrusted to safeguard.” 

“As a result of its failure to do so as described below, the following types of personal information are now in the hands of criminal hackers: names, addresses, birthdates, Social Security numbers, and sensitive medical information including “health conditions,” “medications,” “allergies,” and “diagnosis”,” the according to the lawsuit.

The breach has impacted around 1,000 organizations and 60 million people globally, according to TechCrunch.

This story was updated on Sep. 5, 2023 at 4 p.m. ET.

Contact Farah Yousry at fyousry@wfyi.org

Tags:FSSAcybersecuritydata securityMedicaid
Support independent journalism today. You rely on WFYI to stay informed, and we depend on you to make our work possible. Donate to power our nonprofit reporting today. Give now.

 

Related News

Possible measles exposure at Indy Children’s Museum on day of solar eclipse, health department warns
Health / April 20, 2024

Possible measles exposure at Indy Children’s Museum on day of solar eclipse, health department warns

Solar eclipse gazers at the Indianapolis Children’s Museum may have been exposed to measles from an out-of-state visitor on April 8, according to the Marion County Public Health Department.
Read More
The Checkup: Are my eclipse glasses legit? How do I protect my eyes?
Health / April 1, 2024

The Checkup: Are my eclipse glasses legit? How do I protect my eyes?

Why do I need special solar eclipse viewers? How do I check if my eclipse glasses are not fake and are safe to use? Can I look through my phone? We answer these questions and more ahead of the April 8 solar eclipse.
Read More
IU Health launches a nutrition hub to serve food insecure Methodist hospital patients
Health / November 6, 2023

IU Health launches a nutrition hub to serve food insecure Methodist hospital patients

A new program at IU Health Methodist Hospital hopes to address nutrition insecurity in downtown Indianapolis.
Read More