Large-scale medical hacks are horrible in themselves, but sometimes it’s the ease of the hacks that’s scary — and Florida knows this first-hand. The state’s Agency for Health Care Administration has warned that a phishing attack compromised data for as many as 30,000 Medicaid recipients. One of its staffers fell for a “malicious phishing email” on November 15th, giving hackers access not only to identifying info like names, addresses and Medicaid ID numbers, but also diagnoses and medical conditions. A would-be fraudster would theoretically have almost everything they could want.
The agency claimed there was “no reason to believe” the info had been abused, but that’s not much consolation. It’s not clear who was responsible for the attack or what their motivations might be. At least some previous attacks were conducted by Chinese hackers hoping to learn about American health care, but this could also be the work of private scammers or state-sponsored agents with alternate methods.
The breach illustrates how medical networks continue to be fragile: an email is all it took to directly expose the most sensitive data of thousands of users. The AHCA is taking a step to resolve this by training staff on security measures, but you might not see a lasting solution until private info is further separated from the outside world.