On September 1, 2023, the Indiana Family and Social Services Administration (“FSSA”) posted a notice explaining that software used by CareSource, a managed care entity for some Indiana Medicaid enrollees, experienced a security breach that exposed the protected health information of an estimated 212,193 Indiana Medicaid members. In this notice, FSSA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, Social Security numbers, dates of birth, genders, medical conditions, diagnoses, medications, allergies, health conditions, member IDs and plan names. Upon completing its investigation, FSSA began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from CareSource discussing information you provided to the Indiana Family and Social Services Administration, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Indiana FSSA CareSource / MOVEit data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Indiana Medicaid Recipients?

The data breach at the Indiana FSSA affecting Indiana Medicaid enrollees was only recently announced, and more information is expected in the near future. However, FSSA’s website notice provides some important information on what led up to the breach. CareSource also provided notice of the incident on its website.

According to these sources, CareSource manages the benefit plans for some Indiana Medicaid recipients. CareSource also uses a files-transfer program called MOVEit, which is created by Progress Software.

On May 31, 2023, MOVEit was hacked. Immediately thereafter, CareSource patched its instance of MOVEit and launched an investigation to determine what, if any, consumer information was compromised.

After learning that sensitive consumer data was accessible to an unauthorized party, CareSource reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, date of birth, gender, medical conditions, diagnoses, medications, allergies, health conditions, member ID and plan name.

On September 1, 2023, Indiana FSSA posted notice of the incident on its website, indicating that CareSource will be sending out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Indiana Family and Social Services Administration

The Indiana Family and Social Services Administration is a health care and social services funding agency for Indiana residents. The Indiana FSSA was established by the Indiana General Assembly in 1991 to consolidate and integrate the provision of human services by the state government. The eight care divisions in FSSA oversee services to more than 1.5 million Indiana residents.

More Information About CareSource

Founded in 1989, CareSource is a nonprofit, multi-state health plan based out of Dayton, Ohio. CareSource provides health care coverage for Medicaid consumers as well as other insurance plan offerings available on the Health Insurance Marketplace. CareSource serves more than 2 million members across six states, including Georgia, Indiana, Kentucky, Ohio, and West Virginia. CareSource employs more than 4,500 people and generates approximately $12.4 billion in annual revenue.