For seven years Florida Healthy Kids Corporation, a Medicaid health plan provider, left its online application platform unprotected, unbeknownst to them. More details on the Medicaid data breach are discussed.

Florida Healthy Kids Medicaid Data Breach

Medicaid Data Breach

Florida Healthy Kids contracted a third-party web hosting provider, Jelly Bean Communications Design, LLC., to manage their website. On December 9, 2020, Jelly Bean Communications notified Florida Healthy Kids that it had detected unauthorized access to the health plan provider’s online application forum. 

This unauthorized access allowed for the impermissible modification of thousands of applicants’ protected health information (PHI), mainly their home addresses. However, it is unclear how many patients were ultimately affected by the Medicaid data breach.

Upon notification of the Medicaid data breach, Florida Healthy Kids temporarily disabled its website and launched an investigation into the incident. The investigation determined that there were several vulnerabilities in the web hosting provider’s systems that allowed access to Florida Healthy Kids’ website. These vulnerabilities, going back to November 2013, existed due to Jelly Bean Communications’ failure to install patches that would have prevented the unauthorized access

Let’s Simplify Compliance

Do you need help with HIPAA? Compliancy Group can help!

Learn More!
HIPAA Seal of Compliance

Although there was no evidence that the PHI was exfiltrated, unauthorized individuals had the potential to access patient names, dates of birth, home addresses, email addresses, phone numbers, Social Security numbers, financial information, family relationships of individuals included in the application, and secondary insurance information.

Patients affected by the incident have been sent breach notification letters that include steps they can take to protect their identities such as security freezes and setting up fraud alerts.

Importance and Benefits of Security Patch Management

When vulnerabilities in software are discovered, the software provider generally develops a