VA Dept. of Medical Assistance Services

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Virginia Department of Medical Assistance Services (DMAS), which oversees Virginia’s Medicaid program, experienced a significant data breach reported on September 18, 2023. This incident, identified as a “Hacking/IT incident” involving a “Network Server,” compromised the personal information of approximately 1,229,333 residents[1][7][9]. This breach is part of a series of cybersecurity issues faced by the department, with another incident reported earlier on August 9, 2023, affecting over 423,000 individuals[4]. The exact nature of the compromised data has not been detailed, but given the scale, it likely included sensitive health and personal information typically associated with Medicaid services.

DMAS began notifying affected individuals through data breach letters, advising them of the breach and the steps they could take to protect themselves from potential fraud or identity theft[1][2][4]. The department has been under scrutiny for its handling of data security, with previous incidents highlighting vulnerabilities in its Medicaid data and information systems[15]. These breaches raise concerns about the department’s ability to safeguard the sensitive information of its over 1.4 million beneficiaries[1].

Legal and cybersecurity experts recommend that affected individuals take immediate steps to protect their personal information, such as monitoring their credit reports, changing passwords, and considering legal advice to understand their rights and potential for compensation[2][7][16]. The full impact of these breaches, including the potential for identity theft and fraud, may not be fully understood for some time[16].

The repeated incidents underscore the importance of robust cybersecurity measures, especially for government agencies handling vast amounts of sensitive personal data. They also highlight the need for prompt and transparent communication with affected individuals and comprehensive support to mitigate the risks of identity theft and fraud following such breaches.

Citations:

  1. https://www.jdsupra.com/legalnews/virginia-department-of-medical-5615812/
  2. https://www.myinjuryattorney.com/virginia-department-of-medical-assistance-services-data-breach-investigation/
  3. https://coverva.dmas.virginia.gov/media/1152/medical-assistance-handbook_2019_-12142021-rev-final.pdf
  4. https://www.jdsupra.com/legalnews/virginia-department-of-medical-4219611/
  5. https://news.va.gov/press-room/va-notifies-veterans-of-compromised-personal-information/
  6. https://virginiamercury.com/2024/01/26/three-interesting-bills-medical-debt-mobile-home-park-tenant-rights-and-state-data-breaches/
  7. https://www.myinjuryattorney.com/virginia-department-of-medical-assistance-services-data-breach-investigation-update/
  8. https://www.oag.state.va.us/index.php/component/content/article?id=510&id=510
  9. https://www.legalserviceslink.com/articles/viewArticle/console-associate-pc-data-breach-at-virginia-department-of-medical-assistance-services-impacts-12-million-update-/
  10. https://www.cms.gov/Medicare-Medicaid-Coordination/Medicare-and-Medicaid-Coordination/Medicare-Medicaid-Coordination-Office/FinancialAlignmentInitiative/Downloads/VirginiaContract.pdf
  11. https://www.dmas.virginia.gov
  12. https://www.hhs.gov/sites/default/files/static/dab/decisions/board-decisions/2002/dab1838.html
  13. https://law.lis.virginia.gov/vacode/title32.1/chapter5/section32.1-127.1:05/
  14. https://www.va.gov/ORMDI/HPP.asp
  15. https://oig.hhs.gov/oas/reports/region4/41505066.pdf
  16. https://colevannote.com/data-breach-virginia-dept-of-medical-assistance-services/
Breach Submission Date Sep 14, 2023
Converted Entity Name VA Dept. of Medical Assistance Services
Converted Entity Type Health Plan
State VA
Individuals Affected 928
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes