Molina Healthcare Investigates Possible Theft of Patient Information

Officials at Molina Healthcare closed its online portal for claims information last Friday, fearing a breach of cybersecurity that may have exposed the medical information of some of its 4.8 million members, Kaiser Health News Reports. The company operates in 12 states and Puerto Rico.

The company said in a statement: “We are in the process of conducting an internal investigation to determine the impact, if any, to our customers’ information and will provide any applicable notifications to customers and/or regulatory authorities. Protecting our members’ information is of utmost importance.”

The story came to light thanks to Brian Krebs, a cypersecurity expert who runs a website called Krebs on Security. In April, a Molina beneficiary contacted Krebs and explained that he found a flaw when checking his online medical information. He changed one numeral in the patient identification code, and another patient’s information came up.

Krebs told Kaiser Health News: “It’s unconscionable that such a basic, security 101 flaw could still exist at a major health care provider. This information is more sensitive than credit card data, but it seems less protected.”

By law, a health care organization must contact federal officials when there is an online security breach. But Kaiser Health News reports that, “Molina emphasized that it was still investigating the matter so had not yet reported it. Federal regulators can levy significant fines for violations under the Health Insurance Portability and Accountability Act, also known as HIPAA.”

Molina Healthcare, which focuses on Medicaid coverage, is a big participant in Obamacare, servicing about 1 million people on the ACA exchanges. Earlier this month, it made news when its board of directors fired the Molina brothers: CEO J. Mario Molina, and CFO John Molina, because of financial difficulties the company faces.

Source: Kaiser Health News (link is external)