On Tuesday, April 11th, the Iowa Department of Health and Human Services (HHS) announced that a data breach from last summer affected several thousand Iowa Medicaid members. The breach occurred between June 30, 2022 and July 5, 2022, and impacted approximately 20,800 members.
The breach happened to Independent Living Systems (ILS), a subcontractor for Telligen, Inc., which performs annual assessments for Medicaid members to ensure they are receiving the correct level of care. ILS detected the network intrusion and reported it to the FBI, which then launched an investigation into the incident.
HHS has informed the affected members that the breach led to the compromise of their full names, Medicaid details, and other sensitive information. Iowa Medicaid Director Elizabeth Matney released a statement saying, “We regret the inconvenience and the concern this incident may cause Medicaid members in Iowa. HHS will continue to do everything possible to protect member information from unauthorized access.” Letters are being sent to all affected members this week regarding the breach.
How Healthcare Facilities Can Prevent Data Breaches
"Healthcare facilities are a prime target for data breaches," said Chris Close, a cybersecurity expert with Cyber Sleuth Security Garnet Valley. "It's essential for these organizations to take the necessary steps to protect patient data and prevent a data breach from occurring."
When asked about the best way to prevent an attack, Close said, "The most effective way to protect against a data breach is to have a comprehensive security system in place. This should include firewalls, antivirus software, and 24/7 monitoring. With these measures in place, health care facilities can detect any suspicious activity and respond quickly to mitigate the risk of a data breach."
He also stressed the importance of employee training. "Healthcare organizations should also make sure their staff is well-versed in cyber security and understands the importance of protecting patient data. Training employees on best practices and making sure they are aware of the potential risks is a key step in preventing a data breach."