Image

Image

It is possible that Medicaid enrollees’ full names, Medicaid ID numbers, dates of birth, address, diagnoses, medical conditions or Social Security numbers were accessed in part or full. At this time, the Agency believes it is possible that the personal information of up to 30,000 individuals may have been partially or fully accessed. Although the review is ongoing, the Agency believes that only approximately 6 percent of these individuals could be confirmed as having their Medicaid ID or social security numbers potentially accessed.Following its discovery of the potential breach, the Agency conducted a review of its IT systems to learn more about how the incident occurred. It also instituted a new security training program for all employees. Florida's Inspector General has yet to release its full review of the phishing attack. While it awaits those findings, the Agency for Health Care Administration has decided to notify all potentially affected Medicaid recipients about the breach and to provide them with one year of free membership in Experian's IdentityWorks program. Those concerned can learn more about the breach and the Agency's response by calling 1-844-749-8327. As Endgadget's Jon Fingas rightly notes, this incident illustrates the fragility of many organizations' medical systems. It should therefore serve as a reminder to all companies that they must take steps to maintain the security of their electronic medical record systems. For information on how Tripwire can help in this regard, click here.