INDIANAPOLIS — More than 744,000 Medicaid members in the Hoosier State have been affected by a data security incident, according to the Indiana Family and Social Services Administration.
In an announcement released Friday, FSSA reported that software used by a third-party contractor experienced a breach that exposed personal information like names, addresses, case numbers and Medicaid numbers. The incident occurred via the MOVEit application that Maximus Health Services uses.
Maximus alerted FSSA about the breach. Four Medicaid members’ social security numbers were impacted during the event.
The MOVEit breach hit companies worldwide in late May, per FSSA. The 744,052 individuals from Indiana affected by the incident are members of Medicaid who had received a communication from Maximus regarding the selection of a “managed care entity.”
In a separate press release, Maximus reported that it took MOVEit offline on May 31. It then applied vendor-recommended actions and patches to address the vulnerability within MOVEit. Maximus also engaged forensic investigation and data analysis firms to identify affected individuals and types of information involved.
The company noted it eventually learned that, from May 27-31, an unauthorized party obtained copies of certain files that were saved in the Maximus MOVEit application.
The Virginia-based business is now offering complimentary credit monitoring, identity restoration and fraud detection through Experian. An investigation determined that the incident did not impact Maximus systems beyond MOVEit. Maximus is continuing to work with with law enforcement as the incident unfolds.
Impacted Indiana Medicaid members are encouraged by Maximus to regularly monitor account statements and free credit reports. If members detect suspicious activity, they should contact the companies that administer their accounts.
For additional information, those impacted can call 1-833-919-4749. The call center is available from 9 a.m. to 11 p.m. on weekdays and 11 a.m. to 8 p.m. during weekends.
