About 122,000 Providence Health Plan members have been added to the victims of the Dominion National breach that impacted 2.96M patients; a cyberattack and theft complete this week’s breach roundup.
Oregon-based Providence Health Plan is notifying 122,000 members that their data was potentially breached during the massive hack on Dominion National, a health plan administrator and an insurer and administrator of dental and vision benefits, according to Health IT Security.
In July, Dominion National announced that it concluded an investigation into a hack on its servers on April 24, 2019, after receiving an internal alert about unauthorized access. Officials said they discovered 2.96 million patient records were potentially breached after a hacker accessed some of the insurer’s computer servers for nearly nine years beginning on August 25, 2010.
The servers were quickly cleaned. However, the hackers were potentially able to access enrollment and demographic data of former and current members of the insurer’s vision plan, and data of individuals of dental and vision benefits, as well as data of plan producers and health providers.
According to local news outlet Oregon Live, the breached servers also included data of about 122,000 plan members. But as the company has only been using Dominion National as an administrator since 2015, the impact of the breach was smaller for Providence Health Plan customers.
The impacted data potentially included plan member names, Social Security numbers, taxpayer-identification numbers, bank account and routing numbers, group numbers, member identification numbers, subscriber numbers, and email and physical addresses.
The incident is still being investigated by the FBI, and all impacted patients will receive two years of free credit and fraud protection services.
The Dominion National breach is one of the largest seen in the healthcare sector this year, the second massive vendor-related security incident that went undetected for a long period of time before discovery. The American Medical Collection Agency hack lasted for eight months with potentially 25 million patients impacted, so far.
TEMPLE UNIVERSITY HEALTH SYSTEM HACK
Philadelphia-based Temple University Health System is recovering from a cyberattack on its computer systems last week, according to local news outlet KYW News Radio.
The hack began on August 28 and compromised a wide range of the health system’s operations, including email and scheduling platforms. The systems were brought back online two days later. Officials said the hack did not impact the safety and quality of patient care.
CONNALLY MEMORIAL MEDICAL CENTER REPORTS LAPTOP THEFT
A business associate of Texas-based Connally Memorial Medical Center reportedly had a laptop stolen, which potentially compromised the data of 7,358 patients. CMMC is part of the Wilson County Memorial Hospital District.
On April 23, the laptop was reported stolen. An investigation found patient data was stored on the device, including a limited amount of PHI stored in the laptop’s memory. Officials said that data could have potentially been accessed by unauthorized parties.
The data varied by patient, but could include names, dates of birth, internal tracking numbers, specialist referral information, and ethnicities. Diagnoses, transfer dates and reasoning, and location of the transfer were also potentially compromised for a small number of patients. No Social Security numbers or financial data was compromised. All impacted patients will receive a year of free credit monitoring.
Davis, Jessica. (2019, September 4). 122k Providence Health Patients Added to Dominion National Breach. Health IT Security.