Tallahassee-based children Medicaid health plan Florida Healthy Kids Corp. began notifying members on Jan. 27 of a 7-year data breach that exposed the personal information of hundreds of thousands of health plan applicants. The health plan said it discovered that several thousand applicants’ information was inappropriately accessed and tampered with as a result of the breach. Information of applicants and enrollees that was exposed included Social Security numbers, dates of birth, names, addresses, and financial information.
<p>Cybersecurity threats evolve over time, which means that data controllers need to be ever vigilant that their security measures meet not only the requirements of the current threat landscape but those in the foreseeable future. Unfortunately, the <a href=\"https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.ibm.com/security/digital-assets/cost-data-breach-report//&source=gmail&ust=1612272681743000&usg=AFQjCNEpDHnxyFv4EffE6vqNGgzJb73CMw\">IBM Cost of a Data Breach report</a> has shown us over many years that healthcare systems are the slowest to identify and contain a breach. This all despite the reality that health information is valuable to attackers for multiple reasons, and where errors in data could impact patient health – a situation made all that more concerning when the patients are children.</p> <p>This incident should serve as a wake-up call for any organisation, healthcare or otherwise, that is assuming that their provider is keeping pace with the current threat landscape. If you are in a regulated industry, and your provider can’t demonstrate they currently meet the audit requirements for your industry, then they may not be the provider for you. Similarly, if you’re not having regular discussions about cybersecurity with a provider that touches your data, or that of your customers, then that should be remedied as quickly as possible. Ultimately, you are responsible for the data collected and processed on your behalf.</p>