Service Coordination Inc. (SCI), which provides case management services to Maryland residents, recently announced that its computer systems were breached between October 20 and October 30 of 2013 (h/t SC Magazine).
During the breach, SCI says, the hacker gained access to files containing personally identifiable information (PII) and personal health information (PHI) of Maryland residents, which had been provided to SCI by the Maryland Developmental Disabilities Administration (DDA).
Data potentially accessed by the hacker includes approximately 9,700 names, Social Security numbers, medical assistance numbers, Medicaid and Medicaid Waiver status and reasons, DDA direct service providers, demographics, and other case management information.
Following the discovery of the breach on October 30, 2013, SCI hired a cyber security forensics consultant and alerted DDA, the FBI, and the U.S. Department of Justice.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"During the course of the ensuing criminal investigation, the Department of Justice required that notice to affected individuals be delayed so as not to impede their criminal investigation," SCI said in a statement. "That delay was recently lifted after law enforcement identified the alleged hacker, conducted a search of the alleged hacker's home and seized certain of the alleged hacker's equipment and accounts."
At this point, according to SCI, there's no indication that the hacker misused or released the stolen information.
All those affected are being offered one year of free identity protection services.