Cyberattack Occurred On Contractor's Computer System; Iowa Medicaid System Was Not Breached


The Iowa Department of Health and Human Services (HHS) announces today that some Medicaid members' personal information was compromised in a national data breach affecting a contractor's computer system last year. The Iowa Medicaid system was not breached.

"Medicaid takes the privacy of Iowans' personal and health information seriously," said Elizabeth Matney, Iowa Medicaid Director. "We regret the inconvenience and the concern this incident may cause Medicaid members in Iowa. HHS will continue to do everything possible to protect member information from unauthorized access."

Iowa Medicaid, a division of HHS, works with private contractors to help deliver health care in Iowa. One of those contractors is Telligen, Inc. which performs annual assessments for Medicaid members to ensure they are receiving the correct level of care. Telligen subcontracted part of that work to Independent Living Systems (ILS).

Between June 30 and July 5, 2022, ILS suffered a data breach that resulted in the exposure of personal information belonging to more than four million individuals across several states. Data for approximately 20,800 Iowa Medicaid members was involved in this breach. The breach led to the compromising of information, such as full names, Medicaid details, and other sensitive information.

ILS detected the network intrusion on July 5, 2022, and reported the incident to the FBI and other authorities. An investigation was launched to determine what data was compromised. As the investigation was concluding, ILS informed Telligen of the breach on February 14, 2023. Telligen notified Iowa HHS and Medicaid on February 17, 2023.

ILS has taken steps to mitigate the risk of this happening again by improving their network security environment and providing enhanced training to employees on dealing with sensitive information.

Iowa Medicaid is mailing letters to all affected members this week. Those letters will include details on what information was compromised and how to protect themselves from unauthorized use of their information. The letters also include information on how to access free credit monitoring, and how to obtain a free copy of their credit report.

Medicaid members with questions can reach out to Iowa Medicaid Member Services toll free at 833-257-1764 Monday through Friday 8 a.m.to 5 p.m. central daylight time.

Comments

Submit a Comment

Please refresh the page to leave Comment.

Still seeing this message? Press Ctrl + F5 to do a "Hard Refresh".