Hartford HealthCare Medicaid Portal Breach Exposes Data of 22,500 Patients
A cyberattack on the Connecticut Medicaid provider portal compromised sensitive information for approximately 22,500 patients, authorities confirmed. The breach, discovered on March 25, involved a hacker using stolen credentials from Hartford HealthCare employees to access the system on March 4.
The attack targeted the portal managed by Gainwell Technologies, the fiscal agent for Connecticut’s HUSKY Medicaid program, in collaboration with the Connecticut Department of Social Services (DSS). Investigators, working with federal law enforcement and external cybersecurity experts, determined the incident was financially motivated rather than an attempt to steal patient data. The hacker’s access was terminated, and the breach was contained.
Exposed data varied by individual but included full names, Medicaid claim identification numbers, dates of medical services, billing details, payment amounts, and non-Medicaid insurance policy information. Notably, Social Security numbers and financial account details were not accessed, as they were not stored in the compromised system.
In response, DSS and Gainwell secured the portal, implemented additional security measures, and began notifying affected individuals via mail on May 22. The notifications included offers for credit monitoring, identity protection, and fraud support services. Impacted individuals were directed to call 1-855-744-4488 for further assistance.
Source: https://www.wfsb.com/2026/05/22/data-breach-exposes-information-22500-connecticut-medicaid-patients/
Hartford HealthCare cybersecurity rating report: https://www.rankiteo.com/company/hartford-healthcare
Gainwell Technologies cybersecurity rating report: https://www.rankiteo.com/company/gainwell-technologies
Connecticut Department of Social Services cybersecurity rating report: https://www.rankiteo.com/company/social-services-connecticut-department-of
"id": "HARGAISOC1779481525",
"linkid": "hartford-healthcare, gainwell-technologies, social-services-connecticut-department-of",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '22,500',
'industry': 'Healthcare',
'location': 'Connecticut, USA',
'name': 'Hartford HealthCare',
'type': 'Healthcare Provider'},
{'customers_affected': '22,500',
'industry': 'Healthcare IT',
'name': 'Gainwell Technologies',
'type': 'Fiscal Agent'},
{'customers_affected': '22,500',
'industry': 'Public Sector',
'location': 'Connecticut, USA',
'name': 'Connecticut Department of Social Services '
'(DSS)',
'type': 'Government Agency'}],
'attack_vector': 'Stolen Credentials',
'customer_advisories': 'Notifications sent via mail on May 22, 2024, with '
'offers for credit monitoring, identity protection, '
'and fraud support services. Contact number: '
'1-855-744-4488',
'data_breach': {'data_exfiltration': 'No',
'number_of_records_exposed': '22,500',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Moderate',
'type_of_data_compromised': ['Full names',
'Medicaid claim identification '
'numbers',
'Dates of medical services',
'Billing details',
'Payment amounts',
'Non-Medicaid insurance policy '
'information']},
'date_detected': '2024-03-25',
'date_publicly_disclosed': '2024-05-22',
'description': 'A cyberattack on the Connecticut Medicaid provider portal '
'compromised sensitive information for approximately 22,500 '
'patients. The breach involved a hacker using stolen '
'credentials from Hartford HealthCare employees to access the '
'system.',
'impact': {'data_compromised': 'Sensitive patient information',
'identity_theft_risk': 'Moderate',
'payment_information_risk': 'None (financial account details not '
'exposed)',
'systems_affected': 'Connecticut Medicaid provider portal'},
'initial_access_broker': {'entry_point': 'Stolen employee credentials'},
'investigation_status': 'Completed',
'motivation': 'Financial',
'post_incident_analysis': {'corrective_actions': 'Additional security '
'measures implemented',
'root_causes': 'Stolen credentials'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Notifications via mail, credit '
'monitoring and identity protection '
'offered',
'containment_measures': 'Terminated hacker access, secured '
'portal',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Federal law enforcement',
'remediation_measures': 'Additional security measures '
'implemented',
'third_party_assistance': 'External cybersecurity experts'},
'title': 'Hartford HealthCare Medicaid Portal Breach Exposes Data of 22,500 '
'Patients',
'type': 'Data Breach'}