Virginia Department of Medical Assistance Services Files Another Notice of Data Breach with the Federal Government

Console and Associates, P.C.

On September 18, 2023, the Virginia Department of Medical Assistance Services (“DMAS”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”). This is the second notice DMAS filed with the HHS-OCR in recent months. However, it has not yet been confirmed if these notices refer to the same incident or if this is an unrelated data breach. Regardless, the most recent listing indicates that the incident leaked personal information belonging to 1,229,333 residents. Upon completing its investigation, DMAS began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from the Virginia Department of Medical Assistance Services, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Virginia DMAS data breach. For more information, please see our recent piece on the topic here.

What Caused the Virginia DMAS Breach?

The Virginia DMAS data breach was only recently announced, and more information is expected in the near future. And, unfortunately, the DMAS filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Thus, at this point, all we know is that the sensitive information of 1,229,333 people was compromised as a result of a “Hacking/IT incident” involving a “Network Server.”

After learning that sensitive consumer data was accessible to an unauthorized party, Virginia DMAS reviewed the compromised files to determine what information was leaked and which consumers were impacted.

The HHS-OCR notice does not provide what data types were leaked in the DMAS data breach. However, typically, only those entities that experience a breach impacting the Protected Health Information of more than 500 people are required to notify HHS-OCR.

Virginia DMAS notified HHS-OCR of the breach on September 18, 2023. Typically, this is around the time when organizations send out data breach letters to those who were affected by the breach. These letters should provide victims with a list of which information of theirs was compromised.

More Information About Virginia Department of Medical Assistance Services

Virginia Department of Medical Assistance Services is the entity that oversees Virginia’s Medicaid program. Virginia DMAS currently provides coverage to more than 1.4 million Virginians.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide