Hartford HealthCare Medicaid Portal Breach Exposes Data of 22,500 Patients A cyberattack on the Connecticut Medicaid provider portal compromised sensitive information for approximately 22,500 patients, authorities confirmed. The breach, discovered on March 25, involved a hacker using stolen credentials from Hartford HealthCare employees to access the system on March 4. The attack targeted the portal managed by Gainwell Technologies, the fiscal agent for Connecticut’s HUSKY Medicaid program, in collaboration with the Connecticut Department of Social Services (DSS). Investigators, working with federal law enforcement and external cybersecurity experts, determined the incident was financially motivated rather than an attempt to steal patient data. The hacker’s access was terminated, and the breach was contained. Exposed data varied by individual but included full names, Medicaid claim identification numbers, dates of medical services, billing details, payment amounts, and non-Medicaid insurance policy information. Notably, Social Security numbers and financial account details were not accessed, as they were not stored in the compromised system. In response, DSS and Gainwell secured the portal, implemented additional security measures, and began notifying affected individuals via mail on May 22. The notifications included offers for credit monitoring, identity protection, and fraud support services. Impacted individuals were directed to call 1-855-744-4488 for further assistance.

Gainwell Technologies, the fiscal agent for Georgia’s Medicaid program, experienced a data breach in July 2024 when an unauthorized caller accessed a reimbursement account. The intruder viewed billing statements containing sensitive information of 912 Medicaid recipients, including names, Medicaid member IDs, coverage details, payment information, and service date ranges. While Social Security numbers were not exposed, the breach involved protected health information (PHI), raising concerns about potential identity theft or fraud. The company stated there was no evidence of misuse but offered one year of free credit monitoring via IDX (an identity theft protection service) to affected individuals. The breach was limited to billing data, with no indication that individual member accounts were directly compromised. Gainwell, contracted by Georgia’s Department of Community Health, disclosed the incident publicly and notified impacted patients.

An unauthorized person had accessed 1,200 Wisconsin Medicaid members participant's information in a program. The exposed information included names, member identification numbers, and billing codes for services received. Gainwell investigated the incident and offered free credit monitoring for one year as well as given access to a dedicated call center to answer questions. Gainwell and DHS worked together to prevent this from happening in the future.