Florida Organization for Health Precaution Management Struck by Phishing Attack

An illegal person has accessed a single electronic mail account of a worker at the Agency for Health Precaution Management in Florida using a phishing cheat.

The worker received, and replied to, a malevolent phishing electronic mail on November 15, 2017 and communicated login particulars that allowed the assailant to distantly access his/her electronic mail account and, possibly, the PHI of up to 30,000 Medicaid persons.

The organization recognized the safety breach on November 20 and performed a password change to avoid more access. The phishing happening was also informed to the organization’s inspector general, who started an inquiry into the phishing attack. Initial reports from that inquiry were circulated to the public late previous week.

An organization press announcement on Friday showed that the illegal person might have fully or partially accessed info including names, medical conditions, diagnoses, dates of birth, addresses, Medicaid ID numbers, as well as Social Security numbers. Approximately 6% of persons in damage because of the happening had either their Social Security number or Medicaid ID disclosed.

Although data access was a possible result of the effective attack, Florida’s organization for Health Precaution Management hasn’t yet found any proof to show the undermined PHI has been stolen. As confidential information has possibly been seen and thieved, people affected by the occurrence have been informed to be cautious and inspect their accounts for indications of deceitful activity. All people affected by the breach have been provided free credit checking facilities for a duration of 12 months.

Prior to the phishing attack happening, the Florida Agency for Health Care Administration had set up a constant workforce coaching program, even though the incident has led to an analysis of that program and workforce have now been retrained on suitable safety procedures and the risks of phishing attacks. The organization is also thinking additional safety controls to decrease the risk caused by phishing.