Email Security Incidents Reported by HealthPlex and Optima Dermatology
Healthplex Inc., one of the largest providers of dental insurance in New York State, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. Upon discovery of the breach, the email account was immediately secured to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the breach.
On April 5, 2021, Healthplex confirmed that the email account contained the personal and protected health information of 89,955 individuals who had previously enrolled in its dental plans. The exposed information varied from individual to individual and may have included first and last names in combination with one or more of the following data types:
Address, group name and number, member ID number, plan affiliation, date of birth, date of service, provider name, ADA codes and their description, billed/paid amounts, prescription drug names, Social Security number, banking information, credit card number, username and password for the member portal, email address, phone number, and driver’s license number.
Healthplex said notification letters were sent to affected individuals on April 15, 2022, who have been offered complimentary identity theft protection services through Lifelock. Steps have also been taken to improve the security of its email environment to prevent similar breaches in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: The breach was investigated by the New York Attorney General’s Office which identified violations of New York’s data security and consumer protection laws. Healthplex settled the investigation and paid a $400,000 financial penalty.
Optima Dermatology Email Breach Affects Almost 60,000 Patients
Optima Dermatology Holdings has announced it has experienced an email security incident that resulted in the exposure of the protected health information of patients of The Dermatology Center of Indiana and Advanced Dermatology & Skin Cancer Center.
Optima Dermatology did not disclose when the email security breach was discovered but said that after an extensive forensic investigation, it was determined on February 17, 2022, that the breach was limited to a single email account, which was accessed by an unauthorized individual between August 30, 2021, and September 2, 2021.
A review of the email account revealed it contained the protected health information of 59,872 individuals, such as full names, birth dates, medical treatment and/or conditions information, health insurance claims and/or application information, health insurance policy and/or subscriber numbers, and medical record numbers. No evidence was found to indicate Social Security numbers, driver’s license numbers, or financial account/payment card information were exposed or compromised.
Optima Dermatology said notification letters were sent to the 59,872 affected individuals on April 18, 2022, and additional safeguards have been implemented to prevent further attacks.
