Data Breach Incidents at Health Plan Member Websites, Zipari and Central California Alliance for Health

Health plan Independence Blue Cross in Philadelphia, AmeriHealth Insurance Company and AmeriHealth HMO, Inc of New Jersey learned that unauthorized persons acquired access to web pages on their member sites from March 17, 2020 to April 30, 2020 and possibly saw the private and protected health information (PHI) of a number of plan members.

The types of data exposed comprise names, health plan type, member ID numbers, payment account balances, claims details and user reward summaries.

According to the breach investigation, the unauthorized person utilized legit credentials to log in to the website. On all occasions, the passwords employed to access the member websites were gotten because of the breaches of third-party sites and apps, including the MyFitnessPal breach last 2018. The security passwords for those third-party webpages were likewise utilized on member websites.

The health plans were notified concerning the data breach on May 8, 2020 and without delay took actions to safeguard the accounts and avert further unauthorized data access. All impacted members already got breach notices and offers of 2-years complimentary credit monitoring and identity theft protection services.

Business Associate Data Breach Impacts 49,500 Providence Health Plan Members

A security breach at a business associate of Providence Health Plan in Oregon affected 49,511 of its members.

On April 17, 2020, Zipari based in Brooklyn notified Providence Health Plan concerning a coding flaw that permitted the online disclosure of records associated to employer-sponsored health plans. Zipari noticed the coding flaw on April 9, 2020. According to the investigation, unauthorized people got access to the records in May, September, and November 2019. The data included in the records were names of employer and member, and birth dates. No other data was disclosed.

Due to the breach, Providence Health Plan slated a third-party review of Zipari’s data security procedures. Plan members were given no-cost credit monitoring services.

Central California Alliance for Health Confirms Several Email Accounts Breached

Central California Alliance for Health (CCAH) learned on May 7, 2020 that an unauthorized person acquired access to several employees’ email accounts and most likely viewed and gotten the PHI of a number of its members. As per the breach report filed with the California Attorney General’s office, several CCAH email accounts were exposed to unauthorized access for around an hour.

An assessment of the breached email accounts showed they comprised names, demographic details, birth dates, Medi-Cal ID numbers, claims details, Alliance Care Management Program information, medical details, and referral data.

CCAH carried out a total password reset on all email accounts and gave additional training about email security to its staff. CCAH did not know of any improper use of members’ data.