14 DAY TRIAL // Medicaid's Ohio Department warned that an unknown individual accessed data in Maximus' care without authorization for two days in May. The organization apparently suffered a security incident that may have led to the theft of personal information, according to Info Security Magazine.
Counting about 30,000 people worldwide, including about 10,000 at 11 call centers in nine U.S. states, Maximus had been contracted by the Health Department to manage Medicare data. Between May 17-19, someone tried and succeeded in accessing sensitive information.
The company states "because the unauthorized activity was detected at a very early stage, Maximus believes our quick response limited potentially adverse impacts".
Among the information uncovered in the incident were names, birthdates, and Social Security numbers belonging to the state's Medicaid providers. Maximus said the breached data may have been stolen. The information was stolen using an application. When Maximus noticed the intrusion, it took the breached app offline and contacted the authorities. Data related to Medicaid patients or beneficiaries was not affected by the security incident.
The data leak investigation is being closely followed
The Medicaid department has launched a closely monitored investigation into the data leak. So far, all that is known is that individuals affected by the incident will receive free credit monitoring services for two years.
This is not the first time Maximus has notified thousands of patients of a data breach. In May 2018, a printing error caused parts of letters to mistakenly arrive at Medicaid and Children's Health Insurance Program (CHIP) participants that were intended for other participants.
The error affected letters created and mailed by the data company's print vendor, Business Ink, between February 10 and 13, 2018. By inadvertently misattributing a page of a six-page letter, Business Ink exposed names, addresses, group and case numbers, and program types.