The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Humana Members Impacted by Choice Health Data Breach

Posted By on Sep 28, 2022

Humana has recently announced that the protected health information of 22,767 individuals has potentially been compromised in a security incident and data breach at one of its business associates – Choice Health – which Human used to sell Medicare products on its behalf. On May 18, 2022, Choice Health learned that a Choice Health database was accessible over the Internet, with the investigation confirming the misconfiguration was caused by a third-party service provider.

An unauthorized individual gained access to the database, removed certain database files, and threatened to publicly release the stolen data. The exposed database was detected by Choice Health on May 14, 2022, with the theft of database files identified on May 18. The unauthorized access and data theft occurred on or around May 7, 2022.

Initially, it was thought that the breach was limited to Choice Health lead generation and marketing information; however, further investigations confirmed that the data of some of its carrier partners had also been compromised, including first and last names, Social Security numbers, Medicare beneficiary identification numbers, dates of birth, addresses, other contact information, and health insurance information.

Choice Health worked with its service provider to ensure the database was secured and additional data security measures have been implemented to prevent similar occurrences in the future. Complimentary memberships to credit monitoring and identity theft protection services have been offered to affected individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Tessie Cleveland Community Services Corp Reports Email Account Breach

The Los Angeles, CA-based mental health clinic, Tessie Cleveland Community Services Corp (TCCSC), has recently announced that an unauthorized third party gained access to the email accounts of some of its employees and potentially viewed or obtained the protected health information of patients.

TCCSC identified the unauthorized access on July 20, 2022, and, assisted by a cybersecurity firm, it was confirmed that the email accounts were compromised between June 17, 2022, and June 30, 2022. The investigation suggested the attackers were not interested in obtaining patient information, rather this was an attempted business email compromise attack to commit business fraud against TCCSC; however, the theft of patient data could not be ruled out.

The review of the compromised email accounts confirmed they contained information such as names, demographic information, health insurance identification numbers, limited information regarding care at Tessie, and in some instances, Social Security numbers. Up to 9,747 patients have been notified that their information has been exposed. Credit monitoring services have been offered to eligible individuals.

Email Accounts Breached at Easterseals-Goodwill Northern Rocky Mountain

Easterseals-Goodwill Northern Rocky Mountain, a Great Falls, MT-based provider of services to children and adults with disabilities, has announced a breach of eight employee email accounts and the exposure of the protected health information of 3,886 patients.

Easterseals-Goodwill did not state in its notification letters when the unauthorized access was discovered but said the forensic investigation concluded on July 20, 2022, and determined the email accounts were accessed by an unauthorized individual between October 12, 2021, and November 11, 2021. The email accounts contained names, Social Security numbers, and other personal information, but did not involve its marketing email subscriber list, store transaction information, or donor information.

Notifications were sent to affected individuals on September 16, 2022. Complimentary credit monitoring services have been offered to individuals who had their Social Security numbers exposed. Internal controls have been augmented to prevent similar breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist