Florida Blue discovered a potential online breach in personally identifiable information of patients on August 30, 2017. According to the investigation conducted, Real Time Health Quotes (RTHQ), an unaffiliated insurance agent, uploaded to the cloud a back up of 475 insurance applications of the patients. The files comprise agency files, health data files, dental files and life insurance applications of patients from 2009 to 2014. Because the files were stored in an unsecured cloud server, the files were left vulnerable and could have been accessed by any person.
It is indeed possible that the personally identifiable information could have been accessed. However, Florida Blue did not receive any report regarding the malicious use of leaked patient information. The patient information included in the files are the names, demographic information, birth dates, Social Security numbers, medical histories, some banking and payment information. When RTHQ knew about the unsecured cloud storage, the issues of vulnerability were addressed right away and access to the information was blocked from unauthorized persons.
The 939 patients whose information was compromised got breach notification by mail some time in late October. Florida Blue was not the reason why the breach occurred and had no affiliation with RTHQ. Nevertheless, Florida Blue still offered the affected applicants two years of free identity theft protection services. Florida Blue also submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights.
The investigation into this breach incident is not yet over. Law enforcement is still attempting to know how RTHQ got the application information from the store to the unsecured cloud server.