Ohio Medicaid has reported a data breach encountered by Maximus Corp, its data manager, that resulted in the compromise of the personal data of Medicaid healthcare companies.
Maximus is an international vendor of government health information services. Because the company provides those services, it gets access to the personal data of Medicaid healthcare companies. On May 19, 2021, Maximus learned that unauthorized individuals accessed a server containing the personal data furnished to the Ohio Department of Medicaid (ODM) or to a Managed Care Plan from May 17 to May 19, 2021.
When Maximus discovered the breach, it took the server off the internet to block the attacker’s unauthorized access. A top-rated third-party cybersecurity company is investigating. the incident The cybersecurity company stated that the breach was limited to a program on the server and did not affect any other servers, programs, or systems.
There is no evidence identified that shows the misuse of any data inside the application, though data theft cannot be eliminated. The program was utilized for the requirement of credentialing or tax identification associated with the function of every individual as a healthcare service provider.
The application contained the following types of sensitive information: names, Social Security numbers, birth dates, and Drug Enforcement Agency numbers. According to Maximus, the breach did not affect persons covered by Medicaid.
Maximus stated the quick identification of the breach confined possibly negative impacts; nevertheless, because there is a probability of data theft, it sent notifications to all people affected on June 18, 2021. The company also offered free credit monitoring services for 2 years.
Maximus already reported the breach to the Maine Attorney General indicating that 334,690 people were affected. Those people are based in several U.S. states.