Names and Social Security numbers of about 9,700 Marylanders with disabilities were exposed when a hacker breached a state contractor's computer systems in October, state health officials said Monday.
The breach of Service Coordination Inc. involved a document that contained information on 70 percent of its clients, a company spokesperson said. The document also included clients' medical assistance numbers, Medicaid status, demographics and other information related to their case management.
The company's systems were hacked between Oct. 20 and Oct. 30. The company provides case management for 13,900 Marylanders with intellectual and developmental disabilities.
State health officials and the company made the breach public after an investigation that involved the FBI and U.S. Department of Justice. Law enforcement officials identified an alleged hacker and seized equipment and accounts from the person, state health officials said.
FBI officials could not be reached for comment.
The hack could be particularly challenging, since many people with disabilities depend on caregivers and family members to manage their finances, according to Annagale Watson of the League for People with Disabilities.
Watson, the organization's development and volunteer services manager, said caregivers often have several responsibilities and could easily miss a notification about the breach. For many people with disabilities, the only way they'd realize their information had been stolen would be if it affected their benefits, she said.
"These are people who don't often check their account, do credit checks or do cross-checking," she said.
Virginia Marcus, executive director for the Maryland Disabilities Law Center, said the hacking could exacerbate an already desperate need for legal services among the state's disabled population.
"Some of these people are going to be especially vulnerable. ... These are people who have a great need for legal help in every aspect of their life," she said. "We get many more requests for assistance than we can handle here."
Depending on the severity of their disability, Marcus said, people may have more difficulty figuring out what steps they need to take to make sure their information is secure.
"It's as terrible for people with disabilities as anybody," she said. "It's terrible that this has occurred."
The hacking follows recent breaches affecting Maryland college students and staff. An attack at the University of Maryland, College Park last month exposed the names and Social Security numbers of nearly 300,000 students, faculty and staff going back as far as 1992. A breach at the Johns Hopkins University late last year, disclosed earlier this month, compromised names and email addresses of 848 biomedical engineering students.