Compliance Management, Identity, Vulnerability Management
Feds fine Florida children’s health insurance site for massive 2020 hack

A sign at the U.S. Department of Justice is seen on June 14, 2021, in Washington. (Photo by Kevin Dietsch/Getty Images)
Jelly Bean Communications Design reached a $293,771 settlement to resolve False Claims Act allegations that it knowingly provided deficient security controls to Florida Healthy Kids Corp., which caused the second largest reported healthcare data breach of 2021.Jelly Bean created, hosted and maintained the federally funded Florida children’s health insurance website that offers health and dental insurance for children under a state-issued contract between Oct. 31, 2013, and 2020.A Department of Justice inquiry stemmed from the company's February 2021 breach notice to 3.5 million online applicants and enrollees, detailing a seven-year hack directly caused by Jelly Bean failing to patch multiple website vulnerabilities.Under its agreement, Jelly Bean provided and hosted a website that was required to comply with the Health Insurance Portability and Accountability Act Security Rule, which governs protected health information. The website included the online application for applying to state Medicaid insurance coverage for children. As such, the company agreed to “adapt, modify, and create the necessary code on the web server to support the secure communication of data.”However, the DoJ found the company and Jeremy Spinks — Jelly Bean's manager, 50% owner and sole employee — “knowingly failed to properly maintain, patch, and update the software systems,” which left the website and patient data exposed to cyber threats.“Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” said Principal Deputy Assistant Attorney General Brian Boynton, head of the DoJ’s Civil Division, in the release.
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds