Horizon Actuarial Services, Clinic of North Texas, and Parkland Community Health Plan have recently announced breaches of the protected health information of patients and plan members.
Horizon Actuarial Services Reports Data Theft and Extortion Incident
Horizon Actuarial Services (HAS) has recently announced a security breach and the theft of the personal data of members of benefits plans to whom it provides technical and actuarial consulting services, including the Local 295 IBT Employer Group Welfare Fund and the Major League Baseball Players Benefit Plan.
HAS said it received an email on November 12, 2021, from a cyber actor who claimed to have stolen the personal data of plan members from its computer servers. Steps were immediately taken to secure its servers to prevent any further unauthorized access, and a computer forensics firm was engaged to investigate the potential security breach and determine the legitimacy of the email.
HAS confirmed that two servers had been accessed between November 10 and 11, 2021, and files containing names, dates of birth, Social Security numbers, and health plan information had been stolen. HAS said it negotiated with the cyber actors and made a payment in exchange for an agreement that the stolen data would be deleted and would not be distributed or misused.
HAS said it notified the affected plans about the breach and offered to provide notifications. Letters started to be mailed to affected individuals on March 9, 2022. Complimentary credit monitoring and fraud and identity theft support services have been offered to affected individuals.
Some affected plans chose to self-report the breach. Horizon Actuarial Services reported the breach as affecting 38,418 individuals, and the breach was reported separately by the Major League Baseball Players Benefit Plan as affecting 13,156 individuals.
HAS said it is reviewing its security policies and has implemented additional measures to protect against similar incidents in the future.
Clinic of North Texas Victim of November 2021 Cyberattack
Clinic of North Texas in Wichita Falls has recently announced it was the victim of a cyberattack on or around November 9, 2021, in which hackers gained access to patient data stored on its systems. A third-party computer forensics firm was engaged to determine the nature and scope of the breach, and whether patient data was stolen in the attack.
The investigation revealed the attackers gained access to a folder on one of its systems that contained files that included patient names, addresses, dates of birth, and limited health information. Clinic of North Texas said it took several steps in response to the breach, including changing all administrator passwords, implementing two-factor authentication, and deploying endpoint detection, response, and threat hunting tools. Affected individuals have been offered complimentary memberships to a credit monitoring service.
The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal so it is currently unclear how many individuals have been affected.
Parkland Community Health Plan Discovers Mailing Error
Parkland Community Health Plan (PCHP) in Dallas, TX, has recently discovered a mismailing incident that saw the ID cards of 1,682 of its members sent to other health plan members in error. The mailing error was discovered on January 4, 2022, with the investigation confirming the following types of information had been impermissibly disclosed: Name, PCHP ID number, provider information, and plan/copay information.
PCHP said the error was made at its print vendor, and steps have since been taken to ensure similar breaches are avoided in the future. PCHP said it is unaware of any misuse of plan member information and new ID cards have now been mailed to the correct individuals.
The post Horizon Actuarial Services Reports Data Theft and Extortion Incident appeared first on HIPAA Journal.