Over 700K Indiana Medicaid Recipients Exposed in Data Breach
Table of Contents
- By Steven
- Published: Sep 06, 2023
- Last Updated: Sep 07, 2023
The Indiana Medicaid program helps state residents who fall into a lower income bracket. These individuals use the program to obtain medical care. To qualify for the program, individuals must present their financial statements and other personal data to the government organization. Some or all of this data could be at risk if the organization is compromised. After learning the Medicaid program was compromised, we were concerned about all the individuals that could be impacted. According to recent reports, more than 700,000 Indiana Medicaid recipients were impacted by the recent data breaches.
How Did the Attack Occur?
The Indiana Medicaid attack occurred because the companies involved utilized the MOVEit file transfer tool. This solution is meant to move files between companies or users securely. A security vulnerability enabled a hacker gang to steal all the data connected to MOVEit locally. The vulnerability resulted in substantial data losses for hundreds of different companies, including Indiana Medicaid and CareSource. The breach likely occurred near the end of May or the beginning of June.
What Information Was Viewed or Stolen?
A huge amount of information for Medicaid patients in Indiana was exposed in this data breach. For some of the patient's health conditions, plan names, Social Security Numbers, addresses, full names, and member IDs were exposed. For another group of patients, different private information such as full names, case numbers, and addresses were exposed. It's impossible to say what information was exposed for each patient using Indiana Medicaid, but it's likely that some of the items listed above were made available due to the breach if you receive a notice from the organization informing you that your data was involved.
How Did Indiana Medicaid and Caresource Admit to the Breach?
Two separate notices went up explaining details of the data breach to the public it impacts. One from WFYI Indianapolis and the other from the FSSA. Between both of the different announcements, you have some information about the breach, and most people have at least heard of it now. It's likely that individual notices also went out for everyone involved. If you don't receive a notice but are using Indiana Medicaid, you should still watch over your information to ensure you're safe from harm.
What Will Become of the Stolen Information?
The stolen data will be used in an attempt to collect a ransom. If the gang isn't able to extort a ransom payment out of the government or Caresource, then the information will be distributed to try and gain other benefits. The gang may package up the data and sell it to other attackers. It's also possible the hackers will use the data to launch attacks of their own. Phishing attacks are a possibility, and so are identity theft attacks.
What Should Affected Parties Do in the Aftermath of the Breach?
If you believe your information was taken during this breach, you should take immediate action to safeguard yourself. Begin by checking your credit and then follow up by getting a credit monitoring service if you can. You could also put a freeze on your credit to make an identity theft attack ineffective. At the very least, you should monitor your accounts closely and avoid completely giving your information to anyone you don't trust.
