The Ohio Department of Medicaid said Monday that personal data of the state's Medicaid providers may have been breached in a cybersecurity incident.
Maximus, the department's contracted provider for data management, experienced a cybersecurity incident about a month ago where an "unknown party" had unauthorized access to an application's data between May 17 and May 19.
Personal information about healthcare providers, including names, dates of birth and Social Security numbers, could have been stolen, said Maximus.
Information regarding Medicaid patients or beneficiaries was reportedly not affected.
The company took the impacted application offline, launched an investigation and contacted law enforcement. The Medicaid department is currently monitoring the investigation.
Only one single application was affected, said the company. It is offering 24 months of credit monitoring services to individuals impacted by the incident.
Maximus said it learned of the incident on May 19 and that "because the unauthorized activity was detected at a very early stage, Maximus believes our quick response limited potentially adverse impacts."
But questions as to why it took a month for the public to be notified of this incident were not answered by the company.
Story originally broken by The Beacon