MM Curator summary
The website that hosts the application for multiple Florida Medicaid programs had a data vulnerability for 7 years that exposed personal identity and financial information.
The article below has been highlighted and summarized by our research team. It is provided here for member convenience as part of our Curator service.
Tallahassee-based children Medicaid health plan Florida Healthy Kids Corp. began notifying members Jan. 27 of a 7-year data breach that exposed the personal information of hundreds of thousands of health plan applicants.
The health plan was notified Dec. 9 of the security breach and launched an investigation, which found there had been “significant vulnerabilities” since 2013 on its website and databases that support the online children health insurance application. The vulnerabilities lasted from November 2013 to December 2020, when the health plan temporarily shut down its website.
The health plan said it discovered that several thousand applicants’ information was inappropriately accessed and tampered with as a result of the breach. Information of applicants and enrollees that was exposed included Social Security numbers, dates of birth, names, addresses and financial information.
During the time of the breach, Jelly Bean Communications Design was maintaining the health plan’s website and databases. The health plan said it is speeding efforts to move the website to a new vendor. The health plan incorporates four programs that offer health insurance for children from birth to age 18: Medicaid, MediKids, Florida Healthy Kids and the Children’s Medical Services program, according to local CBS affiliate WPEC.
The health plan said it has not confirmed that personal information was removed from the system as a result of the incident and recommended that individuals who applied for or enrolled with the health plan between November 2013 and December 2020 set up fraud alerts or security freezes.