Hackers expose data of 30,000 Florida Medicaid patients

An employee of Florida’s Agency of Healthcare Administration fell for a malicious phishing email, which allowed hackers to access Medicaid enrollee data, including some Social Security numbers.
By Jessica Davis
12:15 PM
Share
phishing attack

Florida’s Agency of Healthcare Administration. Credit: Twitter

Florida’s Agency of Healthcare Administration is notifying 30,000 Medicaid patients their data may have been breached after an employee fell for a malicious phishing email in November.

The agency discovered the event on Nov. 20 and reported the event to its Inspector General. Officials were notified of preliminary results of an Inspector General review last week, which found no other systems or email accounts were part of the incident.

However, hackers possibly accessed Medicaid enrollee names, Medicaid ID numbers, dates of birth, addresses, diagnoses, medical conditions and Social Security numbers. The data of up to 30,000 patients was partially or fully accessed, and Social Security numbers or Medicaid IDs exposed for about 6 percent.

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

After the breach, the agency required employees to change login credentials to prevent further access and took steps to remediate the breach. Further, the agency implemented new security training, in addition to its ongoing training, to improve its security training for all employees and is looking into additional security functions.

Officials conducted a full review of the organization’s data to determine the circumstances around the breach, which is still ongoing. But those impacted are being offered a year of free credit monitoring.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com