Florida Medicaid Data Breach Impacts 30,000 Patients

For as many as 30,000 Florida Medicaid patients, 2018 is starting off with some unwelcome news: their personal data may have been exposed following a November 2017 breach. As Healthcare IT News first reported, Florida’s Agency for Healthcare Administration, which operates the state’s Medicaid program, announced in a press release earlier this month that the source of the breach was a “phishing” e-mail from a hacker that an agency employee opened. “At this time, the Agency has no reason to believe individuals’ information has been misused,” officials stated in the release. All the same, “In an abundance of caution and to help individuals detect any possible misuse of this information, we are providing a one-year membership in Experian’s IdentityWorks program for those affected by the breach.”

According to the agency’s press release, hackers may have been able to gain access to a wide variety of personal information from Florida Medicaid patients, including “enrollees’ full names, Medicaid ID numbers, dates of birth, address, diagnoses, medical conditions, or Social Security numbers.” While an initial review by the agency inspector general led officials to conclude that only a small percentage (roughly six percent) of enrollees likely had their full Social Security or Medicaid numbers stolen, and while the agency believes that, currently, there’s “no reason to believe individuals’ information has been misused,” an investigation is ongoing. The agency also noted that it had not only “taken steps to protect personal information” of those who may have been impacted, but also “[taken] swift action to help prevent this type of event from happening again.” Those measures included investigations of the breach and its source, as well as new security training programs for agency employees.

As we’ve reported more than once, large-scale health care data breaches have often dominated headlines in recent years, and have impacted numerous people. Indeed, an Accenture study from 2017 found that 26 percent of Americans have had their data breached. And in May of last year, the “WannaCry” ransomware attack caused chaos around the world, including for health care organizations. For their part, organizations have frequently been criticized by experts for a failure to take cybersecurity seriously. A December study from researchers at firm Black Book, for example, found that the majority of health care organizations lack cybersecurity leadership, and that many fail to adhere to cybersecurity best practices, potentially putting them at risk.

Click here to read the Healthcare IT News article on the Florida Medicaid data breach.

Click here to read the Florida Agency for Healthcare Administration press release on the data breach.


Leave a Reply