Florida's Agency for Health Care Administration is notifying 30,000 Medicaid enrollees their personal information may have been compromised when one of the agency's employees was the victim of a phishing email attack, AHCA confirmed to Becker's Hospital Review.
The agency learned of the event Nov. 20, 2017 — just five days after it occurred — and began a review of the incident. No other agency systems or email accounts were involved. While the review is ongoing, agency leadership was provided preliminary findings Jan. 2.
It is possible that Medicaid enrollees' full names, Medicaid ID numbers, dates of birth, address, diagnoses, medical conditions or Social Security numbers were accessed in part or full. However, AHCA added it could only confirm about 6 percent of these individuals had their Medicaid ID or Social Security numbers potentially accessed.
In an abundance of caution, AHCA is providing affected individuals one free year of membership in Experian's IdentityWorks program. Enrollees are encouraged to call the agency's dedicated hotline, 1-844-749-8327, for steps on how to protect themselves.
In the wake of the incident, AHCA added additional safeguards to protect members' personal information, including conducting a full review of agency IT data to determine the circumstances of the breach; initiating new and ongoing security training to ensure proper security protocol for all employees; and exploring additional security options to protect against further breaches.
More articles on cybersecurity:
GE, Roche partner to build digital diagnostics platform for oncology, critical care
Medical device supplier DJO Global notifies Las Vegas hospital of lost patient data