Ohio Medicaid announced that their data manager, Maximus Corp, has been hit with a “cybersecurity incident” which compromised the personal information of almost 335,000 individuals. Those affected individuals are located in multiple U.S. states.
The Maximus data breach was first reported in May 2021 when unknown parties allegedly accessed a company server. Maximus has sent out notification letters to those affected, and although they don’t believe any personal information has been misused or sold on the dark web yet, there is always some degree of uncertainty in these matters and data theft cannot be ruled out.
According to Emsisoft, in 2020, ransomware attacks affected 560 health care facilities in the U.S. In at least 12 of those incidents sensitive health information and other personal data was published online
On May 19, 2021, Maximus discovered a breached server that contained personal information provided to the Ohio Department of Medicaid (ODM) or to a Managed Care Plan. Maximus took the server offline shortly after discovering the data breach to prevent further unauthorized access and began an investigation. Personal information that may have been leaked includes:
- Dates of birth
- Social Security numbers
- Drug Enforcement Agency numbers