Data Breach Investigation of Leaked Florida Blue Health Insurance Information

Migliaccio & Rathod LLP is currently investigating Florida Blue, also known as the Blue Cross and Blue Shield of Florida, for failing to safeguard sensitive plan participant data in a data breach that occurred in June of 2021. The data breach was caused by a brute force password attack on the insurance company’s network using a large database of user identifiers that the hackers gained from online sources to access the company’s member portal. Some of these brute force password attacks were successful and Florida Blue reported in July of 2021 that the personal information of over 30,000 health Florida Blue members was accessed. Examples of the types of data exposed in the leak include names, dates of birth, addresses, social security numbers, medical records, lab results, diagnoses, medications, health insurance information, and dates of services.

While Florida Blue claims that it found no evidence to suggest that the information within the accounts was taken, cybercriminals commonly use information obtained from data breaches to commit a wide variety of identity theft. For example, in previous brute force password breaches, the data viewed within member accounts by unauthorized actors has been used to access other website portals, such as those for credit services, banking, and medical billing. Individuals in previous breaches have had to pay out of pocket for credit monitoring or for new fraudulent charges. Some Florida Blue members may have noticed suspicious credit or banking activity, disrupted medical care, or medical appointments fraudulently created, canceled, and/or billed in their name.

Have you received a data breach notification letter from Florida Blue in the past year?

If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.

The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.