The bad news? A state Health and Human Services (HHSC) had to notify 61,104 citizens that their personal information had been improperly accessed, and several months later began notifying another 33,529 with the same bad news. Unfortunately, the personal information of those who had either applied for or received government assistance between June 2021 and January 2025 may have been inappropriately accessed, used or disclosed. The good news? HHSC have found the perpetrators – fraudsters who were able to slip under the radar of HHSC’s fraud detection system with a job application.
Beginning in November of 2024, HHSC began investigating a series of breaches for Medicaid, food stamps and other assistance programs…only to discover that its systems had been hacked by its own employees. To date, nine employees have been fired for accessing almost 95,000 individual accounts without a necessary business reason. The incidents and the fraudsters have been reported to the state’s Health and Human Services Office of Inspector General (OIG) for investigation and coordination with prosecutor offices to pursue criminal charges.
The intent behind the fraudsters’ breach has yet to be disclosed, as well as the end game for the compromised personal identifying information. It is not yet known how many of those account holders had their benefits compromised. But victims should assume the worst. HHSC has determined full names, home addresses, telephone numbers, dates of birth, email addresses, Social Security numbers, Medicaid and Medicare identification numbers, financial, employment, banking, benefits, health, insurance, medical, certificate, license and other personal information have been compromised.
Shout out to the HHSC for being on the case.
Today’s Fraud of The Day is based on article “Fired state employees breached personal data of 33,529” published on May 1, 2025.
The Health and Human Services Commission late Wednesday began notifying another 33,529 recipients of state benefits that their private information had been improperly accessed. The latest announcement comes as the state agency continues to investigate a series of breaches by its own employees of its database for Medicaid, food stamp and other assistance programs.
Three months ago, the state notified 61,104 that their personal information may have been improperly accessed by state employees. At that time, seven state employees tied to the breach had been fired, including two who stole from recipients’ food stamp cards. In February, the agency notified lawmakers that another two state employees had been fired, bringing to a total of nine state employees who had accessed individuals’ accounts without a stated business reason.
