The unauthorized person gained access to information relating to about 22,500 individuals, DSS said in a news release on Friday. The information did not involve Social Security numbers or financial account information, according to DSS.
DSS and Gainwell Technologies, which provides account administration services for the Connecticut Medicaid program, or HUSKY, learned on March 25 that “an unauthorized third party had gained access to a small number of Hartford HealthCare’s payment accounts on the HUSKY provider portal website and downloaded certain files containing patient information from that website,” DSS said.
An investigation with the help of external cybersecurity experts was launched in coordination with federal law enforcement. The investigation determined that the unauthorized activity began when the hacker used compromised credentials of Hartford HealthCare employees to access user accounts on the provider portal on March 4, according to DSS.
DSS and Gainwell secured the provider portal to prevent further activity and made the portal inaccessible to the hacker. Investigators also confirmed that the attack was successfully contained and the unauthorized third party does not have access to the portal. The state agency and Gainwell said they are implementing additional security enhancements to mitigate the risk of future incidents.
“External investigators have determined that the unauthorized third party’s activities appeared to be financially motivated, rather than directed at obtaining patient data,” DSS said.
The hacker gained access to varying information on the 22,500 individuals, including their full name, identification number with a Hartford HealthCare account or Medicaid claim, dates of medical services and information about services received and how they were billed. The hacker also accessed payment information, including amounts paid, and information about applicable non-Medicaid health insurance, including policy and group number, according to DSS.
“This incident did not involve Social Security numbers or financial account information as that information is not available in the system to which the third party gained access,” DSS said.
DSS and Gainwell began notifying affected individuals via mail on May 22. The notifications include an offer of credit and identity monitoring services and fraud support services.
Individuals who believe they may be affected are asked to call 1-855-744-4488 for information.
Click Here For The Original Source.
