Robert T. Garrett reports that a breach that significantly impacted Texas Medicaid patients last year was not fully or accurately disclosed to the state by the subcontractor at the time.
A Texas Medicaid subcontractor has been terminated after a data-privacy breach caused by a ransomware attack from Russia last year exposed the personal information of tens of thousands of low-income residents.
The state reportedly only learned that Texas Medicaid patients suffered the brunt of the breach when they were contacted by the Dallas Morning News with questions about the attack.
Original communications to the state by prime contractor Accenture apparently described a multi-state incident involving health care providers and insurance billing and collections for health plans ranging well beyond Medicaid.
That would mirror other notifications Accenture’s collections subcontractor, Houston-based Benefit Recovery Specialists Inc. or BRSI, made to the federal government and the public last summer.
Read more on Dallas Morning News. This was a Maze ransomware attack in the early part of 2020, but disclosures by the subcontractor were over the summer. Benefit Recovery Specialists reported the incident to HHS on June 26 as impacting 274,837.