712 Digital Group - top

National Data Breach Impacts Some Iowa Medicaid Members

News

April 12th, 2023 by Ric Hanson

A cyber attack has exposed personal data for thousands of Iowans who receive Medicaid. The Iowa Department of Health and Human Services said Tuesday the breach was part of an attack on a contractor’s computer systems last summer. The Iowa Medicaid system itself was not hacked.

The department says approximately 20,800 Iowans may have had their names, Medicaid details and other sensitive information exposed. Those who have been impacted will be notified by a letter in the mail this week. The letter will say what was exposed and what steps one should take to stay safe.

The Iowa HHS said that Medicaid members with questions can reach out to Iowa Medicaid Member Services toll-free at 833-257-1764 Monday through Friday, 8 a.m. to 5 p.m. CT.

Additional details:

Iowa Medicaid, a division of HHS, works with private contractors to help deliver health care in Iowa. One of those contractors is Telligen, Inc. which performs annual assessments for Medicaid members to ensure they are receiving the correct level of care. Telligen subcontracted part of that work to Independent Living Systems (ILS).

Between June 30 and July 5, 2022, ILS suffered a data breach that resulted in the exposure of personal information belonging to more than four million individuals across several states. Data for approximately 20,800 Iowa Medicaid members was involved in this breach. The breach led to the compromising of information, such as full names, Medicaid details, and other sensitive information.

ILS detected the network intrusion on July 5, 2022, and reported the incident to the FBI and other authorities. An investigation was launched to determine what data was compromised. As the investigation was concluding, ILS informed Telligen of the breach on February 14, 2023. Telligen notified Iowa HHS and Medicaid on February 17, 2023.

ILS has taken steps to mitigate the risk of this happening again by improving their network security environment and providing enhanced training to employees on dealing with sensitive information.