For seven years Florida Healthy Kids Corporation, a Medicaid health plan provider, left its online application platform unprotected, unbeknownst to them. More details on the Medicaid data breach are discussed.
Florida Healthy Kids Medicaid Data Breach
Florida Healthy Kids contracted a third-party web hosting provider, Jelly Bean Communications Design, LLC., to manage their website. On December 9, 2020, Jelly Bean Communications notified Florida Healthy Kids that it had detected unauthorized access to the health plan provider’s online application forum.
This unauthorized access allowed for the impermissible modification of thousands of applicants’ protected health information (PHI), mainly their home addresses. However, it is unclear how many patients were ultimately affected by the Medicaid data breach.
Upon notification of the Medicaid data breach, Florida Healthy Kids temporarily disabled its website and launched an investigation into the incident. The investigation determined that there were several vulnerabilities in the web hosting provider’s systems that allowed access to Florida Healthy Kids’ website. These vulnerabilities, going back to November 2013, existed due to Jelly Bean Communications’ failure to install patches that would have prevented the unauthorized access.
Although there was no evidence that the PHI was exfiltrated, unauthorized individuals had the potential to access patient names, dates of birth, home addresses, email addresses, phone numbers, Social Security numbers, financial information, family relationships of individuals included in the application, and secondary insurance information.
Patients affected by the incident have been sent breach notification letters that include steps they can take to protect their identities such as security freezes and setting up fraud alerts.
Importance and Benefits of Security Patch Management
When vulnerabilities in software are discovered, the software provider generally develops a security patch to address the issue. The benefits of installing security patches include reducing risk of cyberattacks, protecting organization and patient data, and protecting the organization’s network. When organizations fail to install security patches in a timely manner, they are often left unprotected against hackers who are quick to exploit these vulnerabilities. This is why it is so important to install security patches as soon as they become available.