Humana has recently announced that the protected health information of 22,767 individuals has potentially been compromised in a security incident and data breach at one of its business associates – Choice Health – which Human used to sell Medicare products on its behalf. On May 18, 2022, Choice Health learned that a Choice Health database was accessible over the Internet, with the investigation confirming the misconfiguration was caused by a third-party service provider.
An unauthorized individual gained access to the database, removed certain database files, and threatened to publicly release the stolen data. The exposed database was detected by Choice Health on May 14, 2022, with the theft of database files identified on May 18. The unauthorized access and data theft occurred on or around May 7, 2022.
Initially, it was thought that the breach was limited to Choice Health lead generation and marketing information; however, further investigations confirmed that the data of some of its carrier partners had also been compromised, including first and last names, Social Security numbers, Medicare beneficiary identification numbers, dates of birth, addresses, other contact information, and health insurance information.
Choice Health worked with its service provider to ensure the database was secured and additional data security measures have been implemented to prevent similar occurrences in the future. Complimentary memberships to credit monitoring and identity theft protection services have been offered to affected individuals.
Tessie Cleveland Community Services Corp Reports Email Account Breach
The Los Angeles, CA-based mental health clinic, Tessie Cleveland Community Services Corp (TCCSC), has recently announced that an unauthorized third party gained access to the email accounts of some of its employees and potentially viewed or obtained the protected health information of patients.
TCCSC identified the unauthorized access on July 20, 2022, and, assisted by a cybersecurity firm, it was confirmed that the email accounts were compromised between June 17, 2022, and June 30, 2022. The investigation suggested the attackers were not interested in obtaining patient information, rather this was an attempted business email compromise attack to commit business fraud against TCCSC; however, the theft of patient data could not be ruled out.
The review of the compromised email accounts confirmed they contained information such as names, demographic information, health insurance identification numbers, limited information regarding care at Tessie, and in some instances, Social Security numbers. Up to 9,747 patients have been notified that their information has been exposed. Credit monitoring services have been offered to eligible individuals.
Email Accounts Breached at Easterseals-Goodwill Northern Rocky Mountain
Easterseals-Goodwill Northern Rocky Mountain, a Great Falls, MT-based provider of services to children and adults with disabilities, has announced a breach of eight employee email accounts and the exposure of the protected health information of 3,886 patients.
Easterseals-Goodwill did not state in its notification letters when the unauthorized access was discovered but said the forensic investigation concluded on July 20, 2022, and determined the email accounts were accessed by an unauthorized individual between October 12, 2021, and November 11, 2021. The email accounts contained names, Social Security numbers, and other personal information, but did not involve its marketing email subscriber list, store transaction information, or donor information.
Notifications were sent to affected individuals on September 16, 2022. Complimentary credit monitoring services have been offered to individuals who had their Social Security numbers exposed. Internal controls have been augmented to prevent similar breaches in the future.
The post Humana Members Impacted by Choice Health Data Breach appeared first on HIPAA Journal.