The Wisconsin Department of Health Services (DHS) announced that an unauthorized individual gained access to an email account on February 19, 2021. This unauthorized access was disabled quickly following discovery that day. DHS conducted an investigation of the unauthorized access, and determined that it may have exposed names, member identification numbers, dates of birth, some Social Security numbers, address, and health information such as medical conditions and treatment information. No known exposure has occurred. DHS identified individuals whose information may have been accessed through its investigation of this incident.
On June 4, 2021, notifications were mailed to 2,868 individuals who received services from Wisconsin’s Family Care, IRIS, or Children’s Long-Term Support programs, and whose information may have been accessed. Out of an abundance of caution, these individuals have been offered free credit monitoring for one year as well as given access to a dedicated call center to answer questions they might have.
Since discovering the unauthorized access on February 19, 2021, the Wisconsin Department of Health Services has taken actions to improve its security posture. DHS has also requested that the Department of Administration and the State’s Chief Information Security Officer conduct a review of Department of Health Services’ security protocols protecting personal health information including the adequacy of our information system protections against malicious phishing attacks.