Ohio Medicaid provider data may have been breached in cybersecurity incident

The Ohio Department of Medicaid said Monday that personal data of the state's Medicaid providers may have been breached by a cybersecurity hacker. 

Maximus, the department's contracted provider for data management, experienced a cybersecurity incident a month ago, the company said. An "unknown party" had unauthorized access to an application's data between May 17 and May 19.

Personal information about healthcare providers, including names, dates of birth and Social Security numbers, could have been stolen, said Maximus.

Information regarding Medicaid patients or beneficiaries was not affected.

The company took the impacted application offline, launched an investigation and contacted law enforcement. The Medicaid department is monitoring the investigation.

Only that single application was affected, said the company. It is offering 24 months of credit monitoring services to individuals impacted by the incident.

Maximus said it learned of the incident on May 19 and that "because the unauthorized activity was detected at a very early stage, Maximus believes our quick response limited potentially adverse impacts."

But questions as to why it took a month for the public to be notified of this incident were not answered by the company.

Titus Wu is a reporter for the USA TODAY Network Ohio Bureau, which serves the Columbus Dispatch, Cincinnati Enquirer, Akron Beacon Journal and 18 other affiliated news organizations across Ohio.