A security incident at an Ohio Medicaid provider last month may have resulted in the theft of personal data.
Maximus was hired by the department to carry out data management. The company employs about 30,000 workers worldwide, with approximately 10,000 of those employees working at 11 call centers in nine states in the United States.
Information exposed in the incident included names, dates of birth and Social Security numbers belonging to the state’s Medicaid providers. Maximus said the breached data could have been stolen.
Data concerning Medicaid patients or beneficiaries was not affected by the security incident, which occurred from May 17 to May 19, when it was detected by Maximus.
The company said that “because the unauthorized activity was detected at a very early stage, Maximus believes our quick response limited potentially adverse impacts.”
The hacker accessed the information via an application. Once the intrusion had been detected, Maximus took the breached app offline and contacted law enforcement.
An investigation into the data breach was launched and is being monitored by the Medicaid department.
Individuals who were impacted by the incident are being offered two years of free credit monitoring services.
In May 2018, Maximus notified thousands of patients of a data breach caused by a printing error. The error resulted in some participants in Medicaid and the Children’s Health Insurance Program (CHIP) receiving part of a letter meant for another participant.
The error impacted letters prepared and mailed by the data company’s print vendor, Business Ink, between February 10 and February 13, 2018. By accidentally mismatching one page of a six-page letter, Business Ink exposed names, addresses, group and case numbers, and program types.
Maximus was founded in 1975 and has offices in nine countries. It is the leading administrator of Medicaid enrollment broker services in the United States and answers more than seven million calls per month at its contact centers.