Last updated 3 weeks ago
Mirra Health Care LLC, a healthcare claims processor, exposed sensitive medical information of thousands of Florida Medicare members by improperly outsourcing records to unauthorized overseas companies. The breach was publicly disclosed in March 2026 when Florida Insurance Commissioner Mike Yaworsky suspended the company's operations following state investigation findings. The exposure affected thousands of Floridians' private health data through unauthorized third-party access.
The breach occurred when Mirra Health sent private medical information to unlicensed companies in India and the Philippines without proper authorization or security oversight. The company shared sensitive health data with these overseas entities, creating unauthorized access pathways to protected health information. The data exposure involved complete medical records and claims information for Florida Medicare members.
Florida state investigators confirmed the company jeopardized patient safety through improper data handling practices. The Florida Insurance Commissioner suspended Mirra Health's operations on March 24, 2026, citing violations of data protection regulations. The regulatory action followed documented evidence of unauthorized overseas data transfers to unlicensed third parties.
Improper outsourcing of sensitive medical information to unlicensed companies overseas
This breach demonstrates critical failures in third-party risk management and data governance controls within healthcare organizations. Mirra Health's improper outsourcing to unlicensed overseas companies highlights the need for rigorous vendor due diligence and continuous monitoring of data handling practices. The incident underscores the importance of maintaining strict control over protected health information throughout its lifecycle, particularly when engaging international service providers.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector