Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowThe names, addresses, case numbers and Medicaid numbers of more than 744,000 Hoosiers on Medicaid were exposed in a contractor’s late May security breach, Indiana’s Family and Social Services Administration announced Friday.
Four people’s Social Security numbers were also exposed, FSSA said.
The breach affected file transfer software MOVEit, used by Indiana’s health coverage programs enrollment broker Maximus Health Services. But Maximus also manages and administers other government programs at the federal and local levels.
Maximus said it “detected unusual activity” in its MOVEit application on May 30, according to a sample letter sent to the 612,000 Medicare beneficiaries affected nationwide in the same breach.
On May 31, MOVEit developer Progress Software Corp. announced that a vulnerability in the software had let an unauthorized third-party gain access. That day, Maximus halted its use of MOVEit, according to the letter.
In a July 26 report to the U.S. Securities and Exchange Commission, Maximus said the files of at least 8 million to 11 million people had been impacted nationwide. The company said it would notify those people of the breach, and offer them free credit monitoring and identity restoration services.
But Maximus is far from the only organization using MOVEit. The breach has impacted K-12 schools, universities, motor vehicle authorities, pension management organizations and more, according to Reuters.
The total number of people impacted could be 40 million or more, according to cyber analyst tallies corroborated by Reuters. And Cl0p, the group behind the hack, is slowly leaking their data.
The Indiana Capital Chronicle is an independent, not-for-profit news organization that covers state government, policy and elections.
Please enable JavaScript to view this content.