This week, the Department of Health and Human Services in Iowa revealed that the 2022 attack on Independent Living Systems (ILS), a healthcare software company based in Miami, had impacted over 20,800 of its Medicaid members Data breach at Iowa Medicaid.
ILS had reported the breach to Maine’s Attorney General last month, indicating that the sensitive personal of over four million people had been compromised, includng names, addresses, dates of birth, driver’s license numbers, Social Security numbers, financial account information, and medical data such as diagnosis codes and health insurance information.
While the breach was confined to ILS and did not directly affect Iowa’s Medicaid system, ILS had subcontracted some work to Telligen, a private contractor working with Iowa’s Medicaid system, which further subcontracted to ILS for the third-party administrative services provided to health plans, providers, hospitals, and pharmaceutical and medical device companies. Despite the initial breach occurring in July 2022, ILS completed its investigation only in the last two months, and subsequently disclosed the breach to Telligen on February 14, which then informed Iowa officials on February 17.
Iowa officials intend to send out breach notification letters to affected individuals this week. It is uncertain how many other states were impacted by the ILS breach, which has an estimated annual revenue of $191.7 million. Experts have cautioned that the delay in disclosing the breach may have provided criminals with the opportunity to use the stolen information for identity theft, Medicaid fraud, and phishing attacks.
Story Credit
