At what point do state Attorney Generals and the federal investigators step in? This wasn't just a normal data breach, they got patient info AND provider account information. It is probably much worse than this press release even admits.
https://portal.ct.gov/dss/press-room/press-releases/connecticut-department-of-social-services-and-gainwell-technologies-notice-of-data-security-incident?language=en_US
Gainwell can’t be trusted with anyone’s data.
I like having free credit monitoring services anytime some big company gets breached
The linked document may not tell the whole story, but it sounds like this may be due to compromised provider credentials. That wouldn't be a Gainwell issue per se, unless there were weaknesses in the system that facilitated the compromise. Reads more like a social engineering or phishing based attack to get the credentials. Be interested to see coverage from a neutral source.
And if course the usual joke of a response.... credit monitoring services? That doesn't come close to remediating leaks of sensitive health information.