Non-profit alleges that web hosting platform failed to apply security patches
The Florida Healthy Kids Corporation (FHKC), a US provider of children’s health insurance, has traced a data breach affecting thousands of individuals to a cyber-attack on its web hosting platform.
“Several thousand addresses” submitted to the FHKC website along with insurance applications were “inappropriately accessed and tampered with”, according to an FHKC press release published on January 28.
Other sensitive personal data submitted with the applications was also potentially exposed “over a seven-year period” in which “significant vulnerabilities” were present on a web hosting service and databases maintained by Jelly Bean Communications Design.
In a security alert, FHKC alleged that the “web hosting vendor had failed to apply security patches to its software”.
Potentially exposed data includes full names, dates of birth, email addresses, phone numbers, physical addresses, social security numbers, secondary insurance information, familial relationships to the child in question, and financial details such as earnings, alimony, and child support.
An investigation by FHKC found no evidence that this “personal information was altered, used, or accessed”, or “removed from the system”.
FHKC says it temporarily shut down its website and affected databases after being notified of the incident on December 9. The insurance application function “will remain down” until “restored by our new web hosting vendor”, it adds.
Affected individuals – anyone who applied for or renewed insurance coverage online between November 2013 and December 2020 – have been advised to sign up to free fraud alerts and credit freezes with credit reporting agencies and to monitor financial statements and credit reports for suspicious activity.
FHKC said it would review its “current security practices and policies to identify ways to strengthen them”, and is “accelerating efforts previously underway to transition the website to a new vendor”.
Florida Healthy Kids, a non-profit, public-private partnership, provides subsidized health and dental insurance for children aged 5-18 under the state-run Florida KidCare program.
FHKC declined to comment further in response to further queries from The Daily Swig, which has also contacted Jelly Bean Communications Design for further details about the breach.