Confidential information about almost 7,000 Medicaid recipients in the state was exposed in a data breach caused by a mistake at the Iowa Department of Health and Human Services (HHS). According to a HHS news release on Monday, a file containing confidential information on 6,717 Iowans receiving Medicaid was “inadvertently posted to the Department’s website on February 16, 2026.”
“This file contained Medicaid subscriber IDs, the name of Medicaid waiver programs associated with those IDs, and the date that assessments for eligibility were scheduled or conducted,” the news release states. “The file did not contain subscriber names, addresses, or any other contact or health information for the affected individuals.”
It took four days for HHS staff to realize the information had been made public and remove the file from the website.
“Iowa HHS has provided additional training to staff and is reviewing processes and procedures to prevent this from occurring in the future,” the release said. HHS said it was informing the public of the data breach 52 days after the file was removed “[o]ut of an abundance of caution.” The department is also “notifying all individuals who were impacted by this incident” for the same reason, according to the news release.
The statement from HHS on Monday contains information about how to receive a free annual credit report from the three major credit monitoring companies, freeze the information in a credit report, as well as links to information about dealing with identity theft.
