The company closed the online portal for medical claims and other customer information while it examined a “security vulnerability.”
This article first appeared May 26, 2017 on Kaiser Health News.
By Chad Terhune
Molina Healthcare, a major insurer in Medicaid and state exchanges across the country, has shut down its online patient portal as it investigates a potential data breach that may have exposed sensitive medical information.
The company said Friday that it closed the online portal for medical claims and other customer information while it examined a “security vulnerability.” It’s not clear how many patient records might have been exposed and for how long. The company has more than 4.8 million customers in 12 states and Puerto Rico.
“We are in the process of conducting an internal investigation to determine the impact, if any, to our customers’ information and will provide any applicable notifications to customers and/or regulatory authorities,” Molina said in a statement Friday. “Protecting our members’ information is of utmost importance.”
Brian Krebs, a well-known cybersecurity expert who runs the Krebs on Security website, said he notified the company of the potential breach earlier this month and wrote about it on his website Thursday. Molina said it was already aware of the security vulnerability when contacted.
Until recently, Krebs said, Molina “was exposing countless patient medical claims to the entire internet without requiring any authentication.”
Krebs said the information he saw online included patients’ names, addresses, dates of birth and information on their medical procedures and medications.
Kaiser Health News is a national health policy news service that is part of the nonpartisan Henry J. Kaiser Family Foundation.