Failure to Patch Results in 7-Year Breach of Florida Medicaid Applicants’ PHI

HIPAA Journal

Steve Alder

The Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, has discovered its web hosting provider failed to patch vulnerabilities which were exploited by cybercriminals to gain access to its website and the protected health information of applicants for benefits for the past 7 years.

Florida Healthy Kids used Jelly Bean Communications Design, LLC. for hosting its website. The website included an online application that recorded information about individuals when they applied for Florida KidCare benefits or renewed their health or dental coverage online.

On December 9, 2020, Jelly Bean Communications notified Florida Healthy Kids that unauthorized individuals had gained access to the website and tampered with the addresses of several thousand applicants. Florida Healthy Kids engaged cybersecurity experts to conduct an investigation to determine the scope and severity of the breach.

Florida Healthy Kids temporarily...

Get the Morning Update

Thanks for subscribing!