Mirra Health Care LLC: 23,000 Florida Medicare members' data exposed as Mirra Health sent records overseas: OIR

Florida Suspends Mirra Health Over Unauthorized Offshore Data Sharing

Florida regulators have suspended Mirra Health Care LLC after an investigation revealed the company exposed sensitive health data of thousands of Medicare Advantage members by sharing it with unauthorized offshore firms. The Florida Office of Insurance Regulation (OIR) found that Mirra Health, which processes claims and enrollment for over 23,000 vulnerable Florida residents many with serious or long-term health conditions outsourced work to unlicensed companies in India and the Philippines without proper approval.

Florida Insurance Commissioner Mike Yaworsky issued an immediate suspension of Mirra Health’s certificate of authority on Tuesday, calling the company’s actions "extremely reckless." The OIR determined that Mirra Health violated state insurance laws by failing to secure consent from the HMOs it serves before transferring data abroad, leaving patients’ private information outside Florida’s regulatory oversight.

During the investigation, Mirra Health also failed to provide all required contracts, compounding its compliance violations. Regulators concluded that the company’s practices created "ongoing, unauthorized exposure" of personal health data, preventing the state and health plans from ensuring full protection for affected individuals.

Mirra Health has been ordered to cease operations in Florida while the investigation remains ongoing.

Source: https://cw34.com/news/local/sensitive-health-data-breach-23000-florida-medicare-members-data-exposed-as-mirra-health-sent-records-overseas-oir-florida-insurance-commissioner-mike-yaworsky

Mirra Health Care cybersecurity rating report: https://www.rankiteo.com/company/mirra-health-care

"id": "MIR1774522073",
"linkid": "mirra-health-care",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '23,000+ Medicare Advantage '
                                              'members',
                        'industry': 'Healthcare',
                        'location': 'Florida, USA',
                        'name': 'Mirra Health Care LLC',
                        'size': 'Processes claims for over 23,000 vulnerable '
                                'Florida residents',
                        'type': 'Healthcare Service Provider'}],
 'attack_vector': 'Unauthorized Third-Party Access',
 'data_breach': {'data_exfiltration': 'Shared with unauthorized offshore firms '
                                      '(India and the Philippines)',
                 'number_of_records_exposed': '23,000+',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (health conditions, personal '
                                        'identifiable information)',
                 'type_of_data_compromised': 'Personal health data, Medicare '
                                             'Advantage member information'},
 'description': 'Florida regulators suspended Mirra Health Care LLC after an '
                'investigation revealed the company exposed sensitive health '
                'data of thousands of Medicare Advantage members by sharing it '
                'with unauthorized offshore firms. Mirra Health outsourced '
                'work to unlicensed companies in India and the Philippines '
                'without proper approval, violating state insurance laws and '
                'leaving patients’ private information outside Florida’s '
                'regulatory oversight.',
 'impact': {'brand_reputation_impact': "Severe (labeled as 'extremely "
                                       "reckless' by regulators)",
            'data_compromised': 'Sensitive health data of Medicare Advantage '
                                'members',
            'identity_theft_risk': 'High (personal health data exposed)',
            'legal_liabilities': 'Violation of state insurance laws',
            'operational_impact': 'Ceased operations in Florida',
            'systems_affected': 'Claims and enrollment processing systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Operational cost reduction (outsourcing without approval)',
 'post_incident_analysis': {'root_causes': 'Failure to secure consent for '
                                           'offshore data sharing, lack of '
                                           'regulatory compliance, inadequate '
                                           'oversight of third-party vendors'},
 'references': [{'source': 'Florida Office of Insurance Regulation (OIR)'}],
 'regulatory_compliance': {'legal_actions': 'Suspension of certificate of '
                                            'authority',
                           'regulations_violated': 'Florida state insurance '
                                                   'laws, HMO consent '
                                                   'requirements for data '
                                                   'sharing',
                           'regulatory_notifications': 'Florida Office of '
                                                       'Insurance Regulation '
                                                       '(OIR)'},
 'response': {'containment_measures': 'Suspension of Mirra Health’s '
                                      'certificate of authority; ordered to '
                                      'cease operations in Florida'},
 'stakeholder_advisories': 'Health plans and affected individuals at risk due '
                           'to unauthorized data exposure',
 'threat_actor': 'Mirra Health Care LLC (negligence)',
 'title': 'Florida Suspends Mirra Health Over Unauthorized Offshore Data '
          'Sharing',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Lack of regulatory compliance and proper data '
                            'handling procedures'}