Molina Healthcare Online Portal Vulnerability Could Have Led to Unauthorized Access to Patient Records

Media Division | June 7, 2017

Patient medical records can hold extremely large amounts of sensitive information about an individual. This is what often makes them so valuable to a host of cyber attackers. Large caches of patient records are often stolen and then placed for sale on the black market, where they can pull in large amounts of money for the perpetrator. Not all patient records are exposed through aggressive hacks by cyber criminals, as some are leaked due purely to the neglect or mistake of a healthcare facility or peripheral organization. In a case of the latter, an overlooked vulnerability in the online portal of Molina Healthcare, a large insurance provider in Medicaid and state exchanges, has led to the potential exposure of a massive amount of patient records.

Anonymous Tip Leads to a Discovery

The vulnerability was first investigated by Brian Krebs of Krebs on Security, who had received an anonymous tip from a Molina member in April. The tipper had said that by changing one number in the URL of the portal, they were able to view the patient claims of other individuals. They had sent screenshots demonstrating that when a single number was changed, the site would display a separate patient’s records without any needed authorization. When Krebs had investigated the tip, he had found that the information able to be accessed included names, dates of birth, addresses, and procedure and medication data.

Many data breaches have happened as a result of similar security holes like this. Organizations continue to overlook or neglect basic security policies or implementations, leading to sensitive information being exposed through elementary methods. There had been similar instances of this several times throughout the past few months, including a kid’s toy and bank database. There is far too much information now held and transferred through electronic means for organizations to operate like this. It is one thing when a cyber criminal is able to aggressively breach an organization through clever hacking, but it is on another level to have important data leaked as a result of lacking basic security. Every database and other systems that will be connected to cyberspace need to be thoroughly vetted and fortified before it is able to be accessed.

The Importance of Data Breach Solutions

Virtually every organization in our modern society stores information digitally, which means they not only need to be able to protect it but also be able to mitigate damage in the event of a breach. This is the value of data breach solutions. In the event of a successful breach, there are numerous actions that an organization must take. This could include securing the immediate hole, thoroughly investigating the incident, notifying those affected, and tracing and eliminating the source of the breach. Realistically, a single data breach of significant magnitude can be the downfall of an organization, and even more so when it is not mitigated and addressed properly. The customers or clients of an organization need to see that the situation is being properly addressed so that there is not further detriment, and that security is being fortified to prevent it from happening again. The immediate data or fund loss is only one side of the situation, as there is also the factor of consumer trust and reputation damage. Massive Alliance offers complete data breach solutions that can help an organization to remediate after being compromised.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.