Steps have also been taken to prevent similar incidents in the future, including implementing multi-factor authentication for access to its database files.Ĭhoice Health said it has not identified any misuse of plan member data but has sent notifications to affected individuals and has offered them a 24-month membership to a credit monitoring and identity theft protection and resolution service.Īt this stage, it is unclear how many individuals have been affected. According to the notice submitted to the California Attorney General, the files contained information such as first and last names, Social Security numbers, Medicare beneficiary identification numbers, birth dates, addresses and contact information, and health insurance information.Ĭhoice Health said it worked with the third-party service provider to secure the database and confirmed that it was no longer accessible over the Internet. An investigation into a potential breach confirmed on May 18, 2022, that a single Choice Health database had been exposed over the Internet due to “a technical security configuration issue caused by a third-party service provider.” That issue meant the database could be accessed over the internet without authorization.Ĭhoice Health determined that the database had been found and certain database files had been copied by an unauthorized individual on May 7, 2022. The South Carolina-based health insurance company, Choice Health, now part of Alight Solutions, has recently announced that the protected health information of some of its members has been obtained by an unauthorized individual.Ĭhoice Health discovered on May 14, 2022, that an individual was offering a set of data that had allegedly been stolen from Choice Health. Patient Data Exfiltrated in Ransomware Attack on Choice Health The protected health information of 10 patients is known to have been posed to a dark web site. Catholic Health Initiatives in Englewood, CO.Phelps Health Medical Group in Rolla, MO.Newman Regional Medical Center in Emporia, KS.Henry County Medical Center in Paris, TN.Jefferson County Health Center in Fairfield, IA.Indiana University Health in Indianapolis, IA.Entities known to have been affected by the breach include: Some MCG Health clients may be reporting the breach separately. The breach has now been reported to the HHS’ Office for Civil Rights as affecting 793,283 individuals. The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant. The notice states that credit monitoring services have been offered to affected individuals. The breach notice submitted to the Maine Attorney General indicates the protected health information of up to 1.1 million individuals was compromised. A lawsuit filed against MCG Health alleges hackers first gained access to its systems in February 2020, but it took more than two years for the breach to be detected. The substitute breach notice on the MCG Health website does not explain the nature of the attack, how much data was stolen, how MCG Health learned that data had been stolen, or when the data theft incident occurred. MCG Health has advised affected individuals to review their account statements and monitor their free credit reports for signs of misuse of their information. According to the breach notice on the MCG website, MCG determined on March 25, 2022, that an unauthorized individual had obtained data that matched data on its systems, including names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and gender. MCG Health in Seattle, WA, a provider of patient care guidelines to healthcare providers and health plans, started notifying patients and members of MCG customers that an unauthorized party has obtained some of their protected health information. Posted By HIPAA Journal on MCG Health Announces Data Theft Incident Affecting 1.1 Million Individuals Data Theft Incidents Reported at MCG Health, Choice Health, & Goodman Campbell Brain and Spine
0 Comments
Leave a Reply. |