Maximus

MAXIMUS notifies 3,029 patients after Business Ink mailing error exposes PHI.

The error involves letters prepared and mailed by the Company’s print vendor, Business Ink.

Because of the printing error, Business Ink accidentally mismatched one page of the six-page letter and some participants received information intended for another participant.

MAXIMUS on learning about the printing error promptly launched an investigation.

MAXIMUS has notified those program participants who were affected.

The information in the letters included names, addresses, group and case numbers, and program type.

The letters did not contain Social Security numbers, dates of birth, financial information, or information that could be used to access another person’s program account.

Source: https://www.databreaches.net/maximus-notifies-3029-patients-after-business-ink-mailing-error-exposes-phi/

TPRM report: https://scoringcyber.rankiteo.com/company/maximus

"id": "max235927722",
"linkid": "maximus",
"type": "Data Leak",
"date": "05/2018",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"

{'affected_entities': [{'customers_affected': '3,029 patients',
                        'industry': 'Healthcare',
                        'name': 'MAXIMUS',
                        'type': 'Company'}],
 'attack_vector': 'Printing Error',
 'customer_advisories': 'MAXIMUS has notified those program participants who '
                        'were affected.',
 'data_breach': {'number_of_records_exposed': '3,029',
                 'personally_identifiable_information': ['names', 'addresses'],
                 'type_of_data_compromised': ['names',
                                              'addresses',
                                              'group and case numbers',
                                              'program type']},
 'description': 'The error involves letters prepared and mailed by the '
                'Company’s print vendor, Business Ink. Because of the printing '
                'error, Business Ink accidentally mismatched one page of the '
                'six-page letter and some participants received information '
                'intended for another participant. MAXIMUS on learning about '
                'the printing error promptly launched an investigation. '
                'MAXIMUS has notified those program participants who were '
                'affected. The information in the letters included names, '
                'addresses, group and case numbers, and program type. The '
                'letters did not contain Social Security numbers, dates of '
                'birth, financial information, or information that could be '
                'used to access another person’s program account.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'group and case numbers',
                                 'program type']},
 'investigation_status': 'MAXIMUS on learning about the printing error '
                         'promptly launched an investigation.',
 'post_incident_analysis': {'root_causes': 'Printing error by Business Ink'},
 'response': {'communication_strategy': 'MAXIMUS has notified those program '
                                        'participants who were affected.'},
 'title': 'MAXIMUS notifies 3,029 patients after Business Ink mailing error '
          'exposes PHI',
 'type': 'Data Breach'}