Total Health Care Inc., a health plan based in Detroit, MI, found out that unauthorized people have acquired access to a number of staff email accounts that held sensitive personal data of health plan members and partner doctors.
Upon knowing about the breach, the email accounts were secured without delay to avert even further unauthorized access. Security experts conducted a forensic inquiry to figure out the nature and extent of the data breach. The investigation affirmed that the breach merely affected email accounts that unauthorized people accessed from December 16, 2020 to February 5, 2021.
There is no proof found that indicates the access or misuse of any protected health information (PHI), however, it can’t be 100% certain there was no unauthorized access. An analysis of the email messages in the accounts showed they included names, birth dates, addresses, Social Security numbers, member IDs, and claims details.
Because of the sensitive character of information contained in the accounts, Total Health Care offered the affected persons a two-year complimentary credit monitoring services using CyberScout. The health plan also took steps for the strengthening of email security, such as going over and revising policies and procedures and giving the workforce more security awareness training.
The breach report submitted to the HHS’ Office for Civil Rights indicated that 221,454 people were affected.
Potential Breach of a Patient Mailing List Reported by Harrington Physician Services
Harrington Physician Services based in Southbridge, MA is informing 4,393 patients regarding a potential breach of their PHI. It was lately found out that a mailing list was loaded to a place inside its information system that wasn’t intended to contain patient information. Consequently, it is likely that people not working in Harrington Physician Services might have accessed the mailing list. The information contained in the mailing list included names, ages, addresses, birth dates, primary care doctor names, and last date of visit.
An investigation didn’t reveal any information that indicates the unauthorized access of the mailing list, however, it wasn’t possible to exclude a breach. The mailing list was just accessible for a short time period and, so as to gain access to the list, a person needs to have access to the system where the mailing list was kept. The threat to patients is for that reason considered to be little; nonetheless, as a preventative measure, Harrington Physician Services notified the affected patients and given access to credit protection and monitoring services.