Sarasota, FL (WorkersCompensation.com) – Recently WorkersCompensation.com reported that data breaches are an increasing concern for not just medical groups but insurers as well due to the trend of utilizing “cloud based” data that can be accessed by anyone. It seems that the recent trend of cybersecurity breaches would indicate that the threat is indeed real for insurers especially when utilizing outside administrative vendors that have access to their information.
Earlier this year, administrative company Magellan Health experienced a data breach that impacted at least four separate insurers.
According to a press release issued by Tennessee Medicaid provider Tenncare, the information of 44,000 enrollees may have been stolen in a data breach that was initiated through their pharmacy management vendor, Magellan Health. The breach actually occurred back at the end of May when a Magellan employee fell for an email phishing scam which allowed the hacker to gain access to the employee’s email and any enrollee information contained there; such as name, date of birth, and social security numbers or Id numbers. The breach was not discovered until July. It was not until September, three months after the initial breach, that Tenncare was notified of the incident as it took two months to determine their enrollee information as potentially involved.
According to a report from the HIPPA Journal, Florida Blue was also impacted by the Magellan cybersecurity incident. Like Tenncare, Florida Blue was not notified of the breach until late September when it was discovered that their information was included in the original email account that was breached. Although Florida Blue did not give an exact number of potential enrollee records impacted, the company did state the number was less than 1 percent of their 5 million members.
Enrollee data from Geisinger Health Plan was also included in the Magellan incident. The Pennsylvania based insurer issued a press release in September that 5,848 of its members were potentially impacted, and notified their enrollees by letter.
New Mexico mental health provider, Presbyterian Health Plan was involved in the breach as well. According to a report from The Santa Fe New Mexican newspaper, 180,000 potential members were impacted. Although Magellan’s reports state that it appears that no patient information was actually accessed, the newspaper report states that a woman contacted them stating she had received a robocall from an 866 number requesting personal information. Amanda Schoenberg, spokesperson for the health plan, stated that the number was a Presbyterian Healthcare Services number related to medication adherence.
Magellan hired a third party vendor to investigate the incident. It was determined that the email account had been accessed multiple times by individuals outside of the U.S. with an appeared purpose of merely sending out spam. The company found no enrollee information had been actually accessed or viewed, and “found no compromise or unauthorized intrusion into any other Company systems containing member personal information.” Magellan is offering credit monitoring services through ID Experts.