A cyber-attacker gained unauthorised access to an app run by Maximus, which manages data for Ohio Medicaid.

The incident potentially exposed providers’ names, social security numbers, addresses and other information. But people covered by Medicaid, which covers health care costs, were unaffected, local media reported.

A credentialing and licencing data app was accessed by an unknown party between 17 and 19 May before Maximus took it offline, launched an investigation with a cyber security firm, activated response protocols, and notified law enforcement.

There is no evidence any of the exposed information has been misused and no other Maximus server, application or customer were affected, the Virginia-based contractor of government health data services said. It posted letters to affected providers on 18 June.

PrivSec Global

Make sure to register to PrivSec Global now and tune into “Data Breaches: It Does Happen to Every Company, It Does Happen All The Time, and It Is a Big Deal.”

23 June at 3pm BST | 4pm CEST | 9pm HK

Speakers include:

  • Carter Schoenberg, VP Cybersecurity and Chief Cybersecurity Officer, SoundWay Consulting Inc
  • Jennifer Beckage, Founder, Esq., CIPP/US, CIPP/E, Beckage
  • Victoria van Roosmalen, CISO/DPO, Coosto
  • Rebecca Perry, CIPP US/G, Director of Strategic Partnerships, Exterro

Find Out More