Molina Healthcare, a major insurer in Medicaid and state exchanges across the country, has shut down its online patient portal as it investigates a potential data breach that may have exposed sensitive medical information.
The company said Friday that it closed the online portal for medical claims and other customer information while it examined a “security vulnerability.” It isn’t clear how many patient records might have been exposed and for how long. The company has more than 4.8 million customers in 12 states and Puerto Rico.
“We’re in the process of conducting an internal investigation to determine the impact, if any, to our customers’ information and will provide any applicable notifications to customers and/or regulatory authorities,” Molina said in a statement Friday. “Protecting our members’ information is of utmost importance.”
Brian Krebs, a well-known cybersecurity expert who runs the Krebs on Security website, said he notified the company of the potential breach earlier this month and wrote about it on his website Thursday. Molina said it was already aware of the security vulnerability when contacted.
Until recently, Krebs said, Molina “was exposing numerous patient medical claims to the entire internet without requiring any authentication.”
Krebs said the information he saw online included patients’ names, addresses, dates of birth and information on their medical procedures and medications.
“It’s unconscionable that such a basic, security 101 flaw could still exist at a major health care provider,” Krebs said. “This information is more sensitive than credit card data, but it seems less protected.”
Krebs said he received an anonymous tip in April from a Molina member who stumbled upon the problem when trying to view his medical claim online. The tipster found that by changing a single number in the website address he could then view other patient claims, according to Krebs.
Krebs said the Molina member showed him screenshots of his own medical records and how when he changed the web address slightly it then displayed records of another patient. On Friday, the Molina website told customers that the online portal was “under maintenance.”
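The flaw described above, a record served by its number in the web address with no check on who is asking, is shown below next to the corrected pattern. This is an added illustration, not code from Molina or from Krebs; the claim numbers, member IDs and function names are all hypothetical, and the sequential numbering is an assumption.

```python
# Constructed sample data; every ID and name here is hypothetical.
CLAIMS = {
    1001: {"member_id": "M-17", "procedure": "office visit"},
    1002: {"member_id": "M-42", "procedure": "x-ray"},
    1003: {"member_id": "M-17", "procedure": "lab panel"},
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested claim."""


def get_claim_unchecked(claim_id):
    """Flawed pattern: trusts the number from the URL, with no login
    and no ownership check, so any claim number returns a record."""
    return CLAIMS.get(claim_id)


def get_claim(session_member_id, claim_id):
    """Corrected pattern: require an authenticated member and verify
    that the claim belongs to that member before returning it."""
    if session_member_id is None:
        raise Forbidden("authentication required")
    claim = CLAIMS.get(claim_id)
    # Same error for "does not exist" and "not yours", so responses
    # do not reveal which claim numbers are valid.
    if claim is None or claim["member_id"] != session_member_id:
        raise Forbidden("claim not available")
    return claim


def denied_claim_ids(session_member_id, requested_ids):
    """Return the requested IDs the corrected check refuses. A run of
    refusals from one session is worth logging and alerting on."""
    denied = []
    for claim_id in requested_ids:
        try:
            get_claim(session_member_id, claim_id)
        except Forbidden:
            denied.append(claim_id)
    return denied
```
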
Health care companies, hospitals and other providers must report data breaches to U.S. officials. Molina emphasized that it was still investigating the matter so had not yet reported it. Federal regulators can levy significant fines for violations under the Health Insurance Portability and Accountability Act, known as HIPAA.
Many security experts question the ability of health care companies and providers to safeguard vast troves of electronic medical records and other sensitive data, particularly at a time when cybercriminals are targeting medical records.
Molina, based in Long Beach, Calif., posted $17.8 billion in annual revenue last year.
Molina made news earlier this month with the surprise firing of its top two executives, who are sons of the company’s founder. Both CEO J. Mario Molina and his brother, finance chief John Molina, were ousted. The company’s board said Molina’s disappointing financial performance led to the management change.
Molina has grown more prominent during the rollout of the Affordable Care Act, as Medicaid expanded and state insurance exchanges launched. The company serves more than 1 million people through Obamacare exchanges across several states. It has nearly 69,000 enrollees in the Covered California exchange, or about 5 percent of the market.
This story was produced by Kaiser Health News, which publishes California Healthline, an editorially independent service of the California Health Care Foundation.
This article was reprinted from kaiserhealthnews.org with permission from the Henry J. Kaiser Family Foundation. Kaiser Health News, an editorially independent news service, is a program of the Kaiser Family Foundation, a nonpartisan health care policy research organization unaffiliated with Kaiser Permanente.