Last month, Maximus Health Services — a large provider of contracted services for state, local and federal governments — reported hackers had accessed the health information of 8 to 11 million people.
They’ve now confirmed the breach affected about 110,000 residents of Pima County.
The Pima County Health Department contracted with Maximus during the pandemic to conduct COVID contact tracing and case investigations.
This spring, MOVEit — a third-party file transfer app — was hacked, exposing data managed by hundreds of companies, including almost one-third of the more than 360,000 Pima County patient records retained by Maximus.
The breach, which did not affect internal agency systems, exposed contact and identity info, test results and related data, but not Social Security numbers.
Maximus is offering two years of free Experian credit monitoring, but lacks contact info for about 40,000 of those affected, so residents who have not been contacted by the company should not assume they are in the clear.
Maximus did not respond to inquiries about data from other Arizona counties.