Idaho Department of Health & Welfare

The Idaho Department of Health and Welfare (DHW) experienced a data breach on April 18, 2023, when an unauthorized individual gained access to a payment account belonging to a Medicaid healthcare provider. This breach potentially exposed personal and health information of 2,501 Medicaid members, which is approximately 0.7% of the total Idaho Medicaid enrollment. The information that may have been compromised includes names, member identification numbers, billing codes, and dates for certain services received by these members. However, there has been no evidence to suggest that any of the potentially exposed information has been misused[1][2][7].

Gainwell Technologies, the fiscal agent providing services for the Division of Medicaid, discovered the breach on May 12, 2023, and immediately terminated the unauthorized access. Following the discovery, Gainwell and DHW initiated an investigation into the incident and reported it to the FBI. Affected members were notified about the breach on June 9, 2023, and were offered free credit monitoring and identity theft protection services for one year, provided by IDX, along with access to a dedicated call center to address any concerns related to the incident[1][2][7].

DHW Director Dave Jeppesen emphasized the importance of protecting personal health and financial information and stated that DHW is working closely with Gainwell to learn from the event and implement improvements to prevent future incidents. The breach has highlighted the need for enhanced security measures to safeguard sensitive information against unauthorized access[1].

For those affected by the breach, it is recommended to take advantage of the offered credit monitoring and identity theft protection services and to remain vigilant for any signs of identity theft or fraudulent activity. Additionally, individuals should be cautious about sharing personal information, especially via SMS, email, or phone, to further protect themselves from potential cyber threats[5].

Citations:

1. https://healthandwelfare.idaho.gov/news/medicaid-members-offered-free-credit-and-theft-protection-monitoring-after-possible-data
2. https://www.hipaaguidelines101.com/data-breaches-reported-by-idaho-department-of-health-and-welfare-utah-department-of-health-and-human-services-and-other-healthcare-providers/
3. https://www.ktvb.com/article/news/local/local-data-breach-at-idaho-department-of-health-and-welfare/277-b2e6dc87-2aaf-4c55-8742-4c04670f5133
4. https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/
5. https://www.idstrong.com/sentinel/the-idaho-dhw-data-breach/
6. https://oig.hhs.gov/oas/reports/region9/91203009.pdf
7. https://idahonews.com/news/local/idaho-medicaid-provider-suffers-data-breach-affecting-over-2500-members
8. https://healthandwelfare.idaho.gov/services-programs/medicaid-health/about-medicaid-adults
9. https://publicdocuments.dhw.idaho.gov/WebLink/DocView.aspx?dbid=0&id=26222&repo=PUBLIC-DOCUMENTS
10. https://casetext.com/case/kw-by-his-next-friend-dw-et-al-plaintiffs-v-richard-armstrong-in-his-official-capacity-as-director-of-the-idaho-department-of-health-and-welfare-paul-leary-in-his-official-capacity-as-medicaid-administrator-of-the-idaho-department-of-health-and-welfa
11. https://www.idahostatesman.com/news/northwest/idaho/article276341046.html
12. https://isb.idaho.gov/blog/beware-laws-affecting-healthcare-transactions/
13. https://publicdocuments.dhw.idaho.gov/WebLink/DocView.aspx?dbid=0&id=26221&repo=PUBLIC-DOCUMENTS
14. https://ground.news/article/data-breach-at-idaho-department-of-health-and-welfare