Iowa Medicaid Suffers Third-Party Data Breach, 20K Impacted

April 13, 2023 - The Iowa Department of Health and Human Services announced that approximately 20,000 Medicaid members may have had their personal information compromised as a result of a third-party data breach.

Iowa Medicaid worked with Telligen, a third-party contractor that performed annual assessments for Medicaid members. Telligent subcontracted with Independent Living Systems (ILS), which suffered a breach between June 30 and July 5, 2022. As previously reported, ILS reported the breach to HHS in March as having impacted 4.2 million individuals in total.

Data belonging to approximately 20,800 Iowa Medicaid members was involved he breach, including names, Medicaid details, and other sensitive information.

“Medicaid takes the privacy of Iowans’ personal and health information seriously,” said Elizabeth Matney, Iowa Medicaid Director. “We regret the inconvenience and the concern this incident may cause Medicaid members in Iowa. HHS will continue to do everything possible to protect member information from unauthorized access.”

Iowa Medicaid said it would provide enhanced training to employees on handling sensitive information.

Sarah D. Culbertson Memorial Hospital Restores Critical Systems Following Cyberattack

Sarah D. Culbertson Memorial Hospital in Rushville, Illinois discovered a network disruption on March 30 that required it to take its systems offline, a news release posted on the hospital’s Facebook page stated.

“This action disabled access to most functions while we investigated the activity,” the notice continued.

Further investigation revealed that Culbertson was the victim of a cybersecurity incident, but it is still working to understand the depth of the intrusion.

As of April 11, Culbertson had fully restored its critical systems. As part of its restoration efforts, the hospital also made necessary security updates to its systems.

Retina & Vitreous of Texas Discloses Data Security Incident

Retina & Vitreous of Texas notified individuals of a data security incident that potentially impacted the protected health information (PHI) of current and former patients.

Retina & Vitreous discovered unusual network activity on February 1, 2023 and later found evidence of unauthorized system access. The breach involved current and former patient names, addresses, diagnosis and treatment information, insurance subscriber identification numbers, and insurance carrier information.

The practice notified impacted individuals of the incident on April 10.

“The privacy and protection of personal and protected health information is a top priority for Retina & Vitreous,” the notice stated. “We deeply regret any inconvenience or concern this incident has caused.”