The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

Posted By on May 24, 2022

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. PHC has now confirmed in a breach notification to the Maine Attorney General that the protected health information of 854,913 current and former health plan members has potentially been stolen, making this one of the largest healthcare data breaches to be reported so far this year.

According to the notification, the cyberattack was detected on or around March 19, 2022. Steps were immediately taken to contain the breach and an investigation was launched to determine the nature and scope of the attack. PHC said the forensic investigation uncovered evidence that the unauthorized party behind the cyberattack had removed files from the PHC network on or around March 19.

The review of the affected files is ongoing, and while it has yet to be confirmed which specific types of protected health information were included in the affected files, notification letters are starting to be sent to affected individuals. PHC said the types of information potentially stolen may include names, birth dates, addresses, email addresses, Social Security numbers, driver’s license numbers, Tribal ID numbers, medical record numbers, health insurance information, diagnoses, treatment and prescription information other medical information, and member portal usernames and passwords.

While PHC did not state the nature of the cyberattack in its breach notification, the Hive ransomware gang has claimed responsibility for the attack and alleges around 400 GB of files were stolen, a sample of which was temporarily uploaded to the group’s data leak site. PHC said it is reviewing and enhancing its policies and procedures relating to data protection and security, and additional security measures and safeguards will be implemented to protect against this type of event in the future. PHC is covering the cost of access to credit monitoring services for affected individuals for two years. A class action lawsuit has already been filed on behalf of individuals affected by the breach.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist