Breach cyber

Gainwell Technologies

Jul 1, 2024 2 min read
Gainwell Technologies

Gainwell Technologies, the fiscal agent for Georgia’s Medicaid program, experienced a data breach in July 2024 when an unauthorized caller accessed a reimbursement account. The intruder viewed billing statements containing sensitive information of **912 Medicaid recipients**, including **names, Medicaid member IDs, coverage details, payment information, and service date ranges**. While **Social Security numbers were not exposed**, the breach involved protected health information (PHI), raising concerns about potential identity theft or fraud. The company stated there was **no evidence of misuse** but offered **one year of free credit monitoring** via IDX (an identity theft protection service) to affected individuals. The breach was limited to billing data, with no indication that individual member accounts were directly compromised. Gainwell, contracted by Georgia’s Department of Community Health, disclosed the incident publicly and notified impacted patients.

Source: https://www.augustachronicle.com/story/news/state/2025/09/26/breach-may-have-exposed-some-georgia-medicaid-recipients-health-information/86368605007/

TPRM report: https://www.rankiteo.com/company/gainwell-technologies

"id": "gai1992519092625",
"linkid": "gainwell-technologies",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '912 Medicaid Members',
                        'industry': 'Healthcare / Government Services',
                        'location': 'Georgia, USA',
                        'name': 'Gainwell Technologies',
                        'type': 'State Contractor (Fiscal Agent for Medicaid)'},
                       {'industry': 'Healthcare',
                        'location': 'Georgia, USA',
                        'name': 'Georgia Department of Community Health',
                        'type': 'Government Agency'}],
 'attack_vector': 'Social Engineering (Unauthorized Caller Access to '
                  'Reimbursement Account)',
 'customer_advisories': ['Offer of 1-year free credit monitoring via IDX',
                         'Dedicated helpline (1-833-788-9712) for assistance'],
 'data_breach': {'data_exfiltration': 'Viewed (No confirmation of data '
                                      'downloaded or exfiltrated)',
                 'file_types_exposed': ['Billing Statements'],
                 'number_of_records_exposed': '912',
                 'personally_identifiable_information': ['Names',
                                                         'Medicaid Member IDs',
                                                         'Coverage Details',
                                                         'Service Date Ranges'],
                 'sensitivity_of_data': 'High (Healthcare-related PII, but no '
                                        'SSNs)',
                 'type_of_data_compromised': ['Protected Health Information '
                                              '(PHI)',
                                              'Personally Identifiable '
                                              'Information (PII)',
                                              'Payment Information']},
 'date_detected': '2024-07-23',
 'date_publicly_disclosed': '2024-07-26',
 'description': 'An unauthorized caller gained access to a reimbursement '
                'account of Gainwell Technologies, the fiscal agent for '
                'Medicaid in Georgia, potentially exposing the private health '
                'information of over 900 Medicaid recipients. The exposed data '
                'included names, Medicaid member IDs, coverage details, '
                'payment information for claims, and service date ranges. '
                'Social Security numbers were not disclosed. Gainwell is '
                'offering free credit monitoring for one year to affected '
                'individuals.',
 'impact': {'brand_reputation_impact': 'Moderate (Public disclosure of breach, '
                                       'potential trust erosion)',
            'data_compromised': ['Names',
                                 'Medicaid Member IDs',
                                 'Coverage Details',
                                 'Payment Information for Claims',
                                 'Service Date Ranges'],
            'identity_theft_risk': 'Low to Moderate (No SSNs exposed, but PII '
                                   'and payment data compromised)',
            'operational_impact': 'Limited (No indication of misuse, but '
                                  'credit monitoring offered)',
            'payment_information_risk': 'Moderate (Payment information for '
                                        'claims exposed)',
            'systems_affected': ['Reimbursement Account System']},
 'initial_access_broker': {'entry_point': 'Reimbursement Account (via '
                                          'unauthorized phone call)',
                           'high_value_targets': ['Payment Information to '
                                                  'Providers']},
 'investigation_status': 'Ongoing (No indication of misuse detected as of '
                         'disclosure)',
 'motivation': 'Unknown (Potential Financial or Data Theft)',
 'post_incident_analysis': {'root_causes': ['Inadequate authentication for '
                                            'reimbursement account access',
                                            'Potential lack of caller '
                                            'verification protocols']},
 'references': [{'source': 'USA TODAY (via Capitol Beat News Service)'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA Violation '
                                                    '(Unauthorized PHI '
                                                    'Access)']},
 'response': {'communication_strategy': ['Public disclosure via statement',
                                         'Notification letters to affected '
                                         'individuals',
                                         'Dedicated helpline (1-833-788-9712) '
                                         'for identity theft protection'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Offering 1-year free credit monitoring '
                                       'to affected individuals'],
              'third_party_assistance': ['IDX (Identity Theft Protection '
                                         'Service)']},
 'stakeholder_advisories': 'Notification letters sent to affected Medicaid '
                           'members',
 'threat_actor': 'Unknown (Unauthorized Caller)',
 'title': 'Data Breach of Medicaid Information in Georgia by Gainwell '
          'Technologies',
 'type': 'Data Breach / Unauthorized Access',
 'vulnerability_exploited': 'Insufficient Authentication/Authorization '
                            'Controls for Reimbursement Account Access'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Gainsight

public 2 min read
Gainsight experienced a security breach involving its Salesforce-connected app, where suspicious activity was detected. While the company’s CEO, Chuck…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success platform, suffered a breach linked to its Salesforce-connected app, initially flagged by Salesforce due to unusual…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success management software firm, experienced a breach in its systems that compromised Salesforce customer tokens. The incident…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.