Gainwell, which runs the state’s Medicaid Management Information System, alerted TennCare of the breach in October. An investigation of the incident found that about 3,300 mailings sent out in late 2019 and 2020 may have been misaddressed and delivered to the wrong person.
The mailings, managed by the state’s vendor Axis Direct, contained protected health information of TennCare members. In a statement to the network, Gainwell said it is not aware of any members’ personal information having been misused as a result of the incident. The state is now offering free credit monitoring to the impacted members.
“TennCare is committed to safeguarding the information of our members. We have confidence in Gainwell and the process undertaken to identify the error that impacted certain members and correct it,” said TennCare Director Stephen Smith, according to the report.
More articles on cybersecurity:
HHS updates HIPAA guidance for health information exchanges sharing PHI: 4 details
Officials shut down fake Moderna, Regeneron websites that allegedly stole users’ info for cyberattacks
Brigham and Women’s Hospital newsletter revealed 880 recipient emails
