Back

Gainwell Technologies Data Breach Exposes Patient Information of 22,500 Individuals

Severity: Medium (Score: 51.9)

Sources: portal.ct.gov, Claimdepot

Published: 2026-06-05 · Updated: 2026-06-05

Keywords: gainwell, technologies, connecticut, data, department, services, breach

Severity indicators: breach, ot

Summary

On March 4, 2026, Gainwell Technologies experienced a data breach when an unauthorized third party accessed Hartford HealthCare payment accounts on the HUSKY provider portal using compromised employee credentials. The breach, which went undetected for approximately three weeks, affected around 22,500 individuals, exposing their full names, identification numbers, medical service dates, billing information, and non-Medicaid health insurance details. Importantly, Social Security numbers and financial account information were not compromised. The Connecticut Department of Social Services (DSS) and Gainwell Technologies initiated an investigation and took steps to secure the portal, successfully containing the threat. Affected individuals were notified by postal mail starting May 22, 2026, and offered credit monitoring services. The investigation confirmed that the breach appeared financially motivated rather than aimed at acquiring patient data. Key Points: • Unauthorized access to Hartford HealthCare accounts via compromised employee credentials. • Approximately 22,500 individuals affected, with exposure of sensitive patient information. • DSS and Gainwell Technologies have contained the breach and are enhancing security measures.

Detailed Analysis

**Impact** Approximately 22,500 individuals in Connecticut were affected by unauthorized access to patient information via the HUSKY Medicaid provider portal. The data exposed includes full names, identification numbers linked to Hartford HealthCare accounts or Medicaid claims, dates of medical services, billing details, payment amounts, and non-Medicaid health insurance information. Social Security numbers and financial account information were not compromised. The breach impacts the healthcare sector, specifically Medicaid program participants and providers in Connecticut. **Technical Details** The attack vector was compromised credentials of Hartford HealthCare employees used to access the HUSKY provider portal starting March 4, 2026. The threat actor accessed and downloaded files containing patient data from a limited number of payment accounts. The unauthorized activity remained undetected for approximately three weeks before discovery on March 25, 2026. No information on malware, specific tools, CVEs exploited, or infrastructure details was provided. **Recommended Response** Defenders should enforce multi-factor authentication and review credential management policies for provider portal access. Monitor for unusual login activity and access patterns on Medicaid-related systems. Notify affected individuals and offer credit monitoring and fraud support services. No specific patches or IOCs were provided; therefore, focus on credential security and network monitoring for unauthorized access attempts.

Source articles (2)

  • Gainwell Technologies Data Breach Exposes PHI and PII for 22,500 People — Claimdepot · 2026-06-05
    Gainwell Technologies LLC, a U.S.-based health IT company that partners with government agencies to manage Medicaid and public health programs, disclosed a data breach affecting approximately 22,500 i…
  • Connecticut Department Of Social Services And Gainwell Technologies Notice Of Data Security Incident — portal.ct.gov · 2026-06-05
    HARTFORD, CT - Gainwell Technologies (“Gainwell”) provides fiscal agent and account administration services for the Connecticut Medicaid program (“HUSKY”), administered by the Connecticut Department o…

Timeline

  • 2026-03-04 — Unauthorized access began: An unauthorized third party accessed Hartford HealthCare accounts using compromised credentials.
  • 2026-03-25 — Breach detected: DSS and Gainwell learned of the unauthorized access and initiated an investigation.
  • 2026-05-22 — Notification of affected individuals: DSS and Gainwell began notifying approximately 22,500 affected individuals by postal mail.
  • 2026-06-05 — Public disclosure of incident: DSS and Gainwell publicly disclosed the data breach and its implications on their websites.

Related entities

  • Data Breach (Attack Type)
  • Connecticut Department Of Social Services (Company)
  • Connecticut State Government (Company)
  • DSS (Company)
  • Gainwell Technologies (Company)
  • Gainwell Technologies LLC (Company)
  • Hartford HealthCare (Company)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-287 - Improper Authentication (Cwe)
  • Healthcare (Industry)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1078 - Valid Accounts (Mitre Attack)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed