Privacy & Security

Molina Healthcare breached, exposed patient data for over a month

A security flaw in the Medicaid insurer’s patient portal could have allowed anyone to access patient medical claims data with a simple change to the URL.
By Jessica Davis
May 30, 2017
12:41 PM

Molina Healthcare, a major Medicaid and Affordable Care Act insurer, shut down its patient portal on Friday in response to a security flaw that exposed patient medical claims data without requiring authentication, according to security researcher Brian Krebs.

At the time, it’s unclear how long the vulnerability was in place.

Brian Krebs was first made aware of the security flaw in April through an anonymous tip, which could allow any Molina patient to access other patients’ medical claims by simply changing a single number in the URL.

[Also: The biggest healthcare breaches of 2017]

Even worse -- no authentication was required to access patient claims information online.

“It's unconscionable that such a basic, Security 101 flaw could still exist at a major healthcare provider today," said Krebs. “However, the more I write about these lame but otherwise very serious vulnerabilities at healthcare firms the more I hear about how common they are from individual readers.”

The exposed records don’t appear to contain Social Security numbers, but include names, addresses, birthdates, diagnosis, medication and other medically pertinent information. This type of data is frequently used for medical fraud.

Molina told Krebs it had fixed the problem, while it’s investigating how it could have occurred and if the flaw was abused.

“Because protecting our members' information is of utmost importance to Molina and out of an abundance of caution, we are taking our ePortal temporarily offline to perform additional testing of our system security," officials said in a statement.

The company didn’t reveal to Krebs the number of records exposed, but it does appear all patient data was affected. Molina serves 4.8 million customers in 12 states and Puerto Rico.

Molina’s patient portal currently has a banner that says the site is “under maintenance.”

“We are in the process of conducting an internal investigation to determine the impact, if any, to our customers’ information and will provide any applicable notifications to customers and/or regulatory authorities,” officials said in a statement. “Protecting our members’ information is of utmost importance.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Privacy & Security

More regional news

Nurses huddled together look at electronic health records on a tablet.

Epic and Marquette collaborate on EHR training for nursing students

By
Andrea Fox
October 31, 2023
HHS headquarters in Washington

New information blocking rules from HHS could cost noncompliant providers thousands

By
Mike Miliard
October 31, 2023
Physician using multiple EHRs and IT systems

Clinician EHR struggles compromise patient care, study shows

By
Nathan Eddy
October 31, 2023
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

HHS headquarters in Washington
New information blocking rules from HHS could cost noncompliant providers thousands

Most Read

Guardrails, data governance key to solid generative AI outcomes
AHA security leader sees 'AI-fueled cyber arms race'
Multiple data access deals signed in Korea for digital health research
FBI dismantles Qakbot malware targeting hospitals
Boards are grasping cyber threats, but CISOs still feel underprepared
Is your hospital ready for 3-4 weeks of downtime?

Research

White Papers

More Whitepapers

Artificial Intelligence
Analytics
Precision Medicine

Webinars

More Webinars

Analytics
Analytics
Privacy & Security

Video

Elise Kohl-Grant, cochair of the programming committee at the HIMSS New York State Chapter
New York State Chapter of HIMSS focuses on health equity
Dr. Michael Poku, chief clinical officer at Equality Health
Addressing health equity's cost curve
Dr. Michael Pfeffer at Stanford Health Care_Photo: Doctor using tablet by Sean Anthony Eddy/E+/Getty Images
CIO Spotlight: Dr. Michael Pfeffer of Stanford Health Care
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link

More Stories

A pharmacist doing an inventory using a digital tablet.
There is no escaping making investments in cybersecurity...
group of healthcare workers talking over hospital bed
Modernizing clinical placement to accelerate clinician training and recruitment
A male doctor sits with another man and they are looking at SDOH data on a mobile device.
Tufts Medical Center to pilot nutrition screening in EHR
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link
Yale New Haven Health
Yale New Haven radiologists boost CT scan reviews with AI
Dubai Health Authority
The current state of Dubai’s healthcare digital transformation journey
Leah Dewey, VP of clinical and consumer engagement operations at Cotiviti.
Payers have a part to play in addressing health disparities
Christie Teigland, vice president of research science and advanced analytics at Inovalon.
Medicare Advantage plans' star ratings to be affected by Health Equity Index