Phishing Attack on Florida Healthy Kids Corporation Impacts 2,000 Patients


Florida Healthy Kids Corporation, a manager of the Florida KidCare program, was recently victimized by a phishing scam. On July 25, 2017, some employees received phishing emails in their inboxes. A few staff members responded to the emails and unintentionally gave the hackers access to the sensitive data of KidCare program members. The company discovered the phishing attack only the following day and immediately blocked access to the compromised email accounts. Even though mitigation was prompt, the hackers had already had access to the email accounts, including the sensitive data they contained, for around 24 hours.

During this time frame, it's very likely that emails were viewed and sensitive data copied. Although no report of misuse of the compromised information has been received, it cannot be confirmed that no information was stolen.

An examination of the affected email accounts showed that the private data of 2,000 persons was possibly accessed. Florida Healthy Kids Corporation sent notifications by mail to 1,700 persons on September 7, 2017 regarding the potential compromise of their personal data. It was not possible to contact the other 300 persons because there was no valid contact information on record. A substitute breach notification was posted on the healthykids.org website and on the online accounts page of all affected persons so they would learn about the breach the next time they log in to their accounts.

The information that was possibly compromised includes names, phone numbers, addresses, Social Security numbers and family account numbers. Because no passwords were disclosed, the hackers were not able to access the Florida KidCare online family accounts. Persons affected by the breach were given credit monitoring services for one year at no cost via LifeLock. Florida Healthy Kids Corporation stated that updates to policies and procedures will be implemented to prevent similar breaches from happening again.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/