30,000 Florida Medicaid Enrollees At Risk Of Identity Fraud

TALLAHASSEE, Fla. – Duped by a phony phishing scam, a Florida state employee may have inadvertently allowed hackers to penetrate sensitive information on as many as 30,000 Medicaid enrollees. Anyone affected by the breach is eligible for a one-year membership in Experian’s IdentityWorks program. Officials believe that 6 percent of enrollees have had their Medicaid ID numbers or Social Security numbers compromised.

"It is possible that Medicaid enrollees’ full names, Medicaid ID numbers, dates of birth, address, diagnoses, medical conditions or Social Security numbers were accessed in part or full," officials from Florida's Agency for Health Care Administration told Patch on Monday. "Although the review is ongoing, the agency believes that only approximately 6 percent of these individuals could be confirmed as having their Medicaid ID or Social Security numbers potentially accessed."

State officials said that the breach occurred on Nov. 15 when an Agency for Health Care Administration worker fell for a "malicious phishing email." According to the Federal Trade Commission, such scams use fraudulent emails, texts or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or login IDs and passwords. Scammers use phishing emails to get access to your computer or network and then they install programs like ransomware that can lock you out of important files on your computer.

"The agency learned of the event on Nov. 20, 2017 and no other agency systems or email accounts were involved," Florida officials said. "The agency promptly reported the event to the inspector general, who initiated a review to identify if any protected health information was potentially accessed."

Officials said that they take the matter "very seriously" and have taken steps to better protect personal information in the future. The preliminary findings of a review were shared with agency officials on Jan. 2. Prior to the review, the employee changed their login credentials to stop inappropriate access.

"At this time, the agency has no reason to believe individuals’ information has been misused. However, in an abundance of caution and to help individuals detect any possible misuse of this information, we are providing," officials explained.

For more information, enrollees may call the agency’s hotline at 1-844-749-8327.

The following are the steps that the agency took following the incident:

• Immediate measures were put in pace to remediate the breach and begin an ongoing review of potentially impacted information.
• Officials conducted a full review of agency IT data to determine the circumstances of the breach.
• The agency implemented new and ongoing security training.
• Officials are exploring additional security options to protect against further breaches.

"The Agency is notifying all potentially affected enrollees in accordance with state and federal law, including information on credit monitoring services," officials added.

Image courtesy state of Florida