Florida officials announced late Friday that hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients in November.
The state’s Agency for Health Care Administration said in a Friday evening news release that one of its employees “was the victim of a malicious phishing email” on November 15, and they learned of the incident five days later on 20 November, after which they notified the notified the Inspector General who launched an investigation “to identify if any protected health information was potentially accessed.”
The preliminary findings of an Inspector General investigation found that hackers may have partly or fully accessed the enrollees’ full names, Medicaid ID numbers, birthdates, addresses, diagnoses, medical conditions and Social Security numbers.
The AHCA said no other agency systems or email accounts were involved in the phishing attack.
“The agency takes this matter very seriously,” Florida’s Agency for Health Care Administration(AHCA) said in a statement.
The state agency said it was training employees on security protocols following suspected breach but said it had “no reason to believe” the information had been misused. The agency provided a hotline for Medicaid recipients to call-844-749-8327.
Cyber threats have long posed issues for health providers and agencies handling sensitive data, with cybersecurity concerns about personal information reaching the federal government in the past as well.