Datalogic Software, Inc. (“Datalogic”) recently experienced a security incident that may have impacted the protected health information (“PHI”) of approximately 7,200 individuals whose information was provided to Datalogic for processing on behalf of the Texas Health and Human Services Commission (“TX HHSC”). Datalogic provides Medicaid Electronic Visit Verification and claims processing services for TX HHSC and has informed them of the security incident.
What happened?
On December 5, 2020, Datalogic discovered a security incident impacting certain systems. As soon as it learned of the incident, it began an internal investigation and took the impacted systems offline to address the incident and ensure the security of its environment. Datalogic also began working with independent cybersecurity specialists to help determine what had occurred, and whether any information was at risk. The investigation determined that on November 30, 2020, an unauthorized actor gained access to certain Datalogic systems and, on December 5, 2020, deployed malware within the environment. The investigation also showed that Datalogic’s application databases were not accessed, and information stored in these databases remains secure. However, the investigation determined that certain files containing PHI may have been accessed by the unauthorized actor. Datalogic worked with cybersecurity specialists to perform a detailed review of the files, and on January 19, 2021, identified those individuals whose PHI was impacted by the incident. Letters were mailed to impacted individuals and appropriate regulatory agencies on February 3, 2021.
What information was involved?
From Datalogic’s investigation, it appears that impacted information may have included member names, addresses, dates of birth, state Medicaid numbers, and health- and treatment‑related information. For 188 individuals, Social Security numbers were also impacted.
What is Datalogic doing?
Datalogic is offering individuals whose Social Security numbers were impacted credit monitoring and identity theft protection through IDX at no cost. Datalogic has also taken steps to minimize the risk of a similar event from happening in the future, including resetting all passwords and implementing additional controls for all types of remote access to its systems. In addition, Datalogic has notified and is cooperating with federal law enforcement.
For more information: To determine whether your information was impacted or for more information about this incident, please call 1-833-726-0932. Individuals can also contact the Federal Trade Commission at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity.