State of Missouri Department of Social Services – Incident FAQ for Medicaid Providers


What happened?

 Your personal information may have been obtained, because international cyber criminals hacked into software used by IBM Consulting, called MOVEit.  The state uses the IBM software in its day-to-day operations.


When did this happen?

IBM was alerted that the hack may have occurred on May 28, 2023.


What personal information was exposed?   

The exposed information could contain personally identifiable information.


Was the information protected/encrypted?

The information was protected, but we believe it is possible the hackers were able to access it unencrypted, because of their methods.

How many providers are involved?

IBM and the state are both still investigating to determine how many providers are involved.  If we discover anything more specific about your information, we’ll contact you to let you know.


Have the police/local authorities been notified? If so, which police department and what is the case number?

The state is working with the Office of Civil Rights with the Department of Health and Human Services.  These are federal agencies.


How can I have my information removed from the server/directory?

We need to retain your information so we can continue doing business with you.


What is State of Missouri, Department of Social Services doing to prevent this kind of loss from happening again?

We are working closely with IBM to do forensic analysis of the incident to identify any areas where security can be strengthened.   That is going on right now.


If there are any updates regarding this notice, how will I be notified?

We will update our State of Missouri, Department of Social Services website with the most recent information.


Has the information been misused?

At this time, there is no evidence that there has been any use or attempted use of the information exposed in this incident.  There is no evidence that the cyber criminals have released any Missouri information at all.


What are the risks of identity theft with the information that was exposed?

IBM and the state are actively continuing their forensic analysis of the incident.  At this time there is no evidence that your information has been shared.  However, you can freeze your credit for free, which stops others from opening new accounts and borrowing money in your name while allowing you to continue to use existing credit cards or bank accounts.  DSS encourages you to review and/or monitor your credit reports during this time.  You can freeze your credit or request a free credit report from the three major reporting services.





Is there anything I need to do to in response to the exposure of my personal information?

You may take advantage of your rights to the free fraud alert services offered by the three major credit bureaus above. Placing fraud alerts will provide your credit with additional protection. In addition, doing so will give you access to copies of each of your credit reports at no cost to you.