PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon
Anthem has confirmed that the protected health information of certain plan members has been compromised in a data breach at its vendor, Choice Health. Choice Health was provided with the data of plan members to perform its contracted duties. On August 5, 2022, Anthem discovered that an unauthorized individual had gained access to a database and downloaded files containing plan members’ protected health information, including names, addresses, dates of birth, phone numbers, email addresses, Medicare ID numbers, and Medicaid ID numbers.
The database was accessible over the Internet due to a misconfiguration by a third-party service provider and was accessed and downloaded on May 7, 2022. Choice Health confirmed that the database has now been secured and that steps have been taken to improve its data security measures to prevent similar incidents in the future, including implementing multi-factor authentication for access to database files. Affected individuals have been offered complimentary credit monitoring services.
The breach affected several Choice Health clients, including Humana. Anthem notified the Maine Attorney General about the breach and said 13,406 AnthemMainHealth members had been affected. The breach also affected certain Anthem Blue Cross members. HIPAA Journal has not yet been able to establish exactly how many Anthem Blue Cross members have been affected.
WellMed Medical Management Warns Patients About Physician Soliciting Business
The San Antionio, TX-based healthcare delivery company, WellMed Medical Management, has warned 10,506 patients that one of its former physicians obtained their records prior to leaving employment with the intention of making contact with those individuals to encourage them to become patients of his new clinic.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The records were obtained between February 6, 2022, and May 17, 2022, and contained demographic information such as names, dates of birth, mailing addresses, phone numbers, and email addresses; health insurance information including payer name and health plan identifier; and medical information such as medical record numbers, providers, diagnoses, treatments, medications, and laboratory results. No financial information, Social Security numbers, or driver’s license numbers were taken.
WellMed said it took steps to prevent any further outreach to the patients and notified the appropriate authorities about the HIPAA violation. WellMed has also confirmed that the records taken by the physician have now been recovered. The incident prompted WellMed to reinforce its existing policies and practices and implement additional safeguards to prevent similar incidents in the future.
CareOregon Reports August 2022 Mailing Error
The Portland, OR-based health insurance agency, CareOregon, has recently announced that there has been an impermissible disclosure of a limited amount of the protected health information of 8,022 of its members due to a mailing error.
The incident occurred on August 9, 2022, and saw marketing letters intended for one CareOregon member sent to another member. The only information disclosed was the name and Medicaid ID number of one CareOregon member to another member. CareOregon said it has implemented additional policies and procedures and has provided further training to its employees to ensure similar breaches are avoided in the future.
