Almost 1,000 People Affected by Florida Blue Data Breach

by | Nov 21, 2017

Personally identifiable information of a limited number of insurance applicants has been exposed online, according to an announcement by Blue Cross and Blue Shield of Florida, dba Florida Blue.

Florida Blue was made aware of the exposure of patient data in late August and quickly launched an investigation. Florida Blue reports that the investigation showed 475 insurance applications had been loaded to the cloud by an unaffiliated insurance company, Real Time Health Quotes (RTHQ).

The data backup was composed of agency files and copies of health, dental, and life insurance applications from 2009 to 2014. Those files were left exposed as an unsecured cloud server was used to hold the backup files. Due to this, those files could have been seen by the public via the Internet.

While data access and theft of personally identifiable information could still result from this breach, Florida Blue has received no reports that any of the exposed data has been used for malicious purposes.

The files held information such as the names of applicants, dates of birth, demographic information, medical histories, Social Security details, and limited banking and payment information. Following the discovery that information had been left accessible, RTHQ took steps to fix the vulnerability and the information is no longer available to unauthorized individuals.

The incident was identified by Florida Blue on August 30, 2017, and patients were alerted of the breach by mail in late October. Even though Florida Blue was not to blame for the breach, and has no partnership with RTHQ, affected applicants have been contacted and offered two years of identity theft protection services for free. Florida Blue said it is still reviewing the incident, and is trying to discover how RTHQ obtained the application information and why the information was held on an unsecured cloud server.

The breach report made to the Department of Health and Human Services’ Office for Civil Rights states that 939 individuals have been affected by the incident.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy