Two Large Payers Impacted by Ransomware Attack at Vendor

FJ Thomas

Sarasota, FL ( – According to a recent report from DataBreaches, at least two large payers, Humana and Anthem, have been impacted by a ransomware attack earlier this year via the network server of one of their vendors, PracticeMax. According to their LinkedIn profile, the Arizona based company is a provider billing and IT solutions company, specializing in coding and chart reviews, healthcare analytics, and electronic medical records software. The incident began on April 17th and occurred through May 5th of this year. The company discovered the issue on May 1st but did not regain access to their system until May 6th. After investigation, on August 19th it was determined that files containing PHI information of Humana patients had been removed. The company states that at least for Anthem patients, that no social security number or financial information was impacted.

Humana issued a statement with the Attorney General in Maine stating that at least 4,424 patients with kidney disease were included in the breach. Anthem sent out mail notification of the breach, but has not issued a statement as to how many patients may be impacted, although according to the PracticeMax letter it appears patients with kidney disease may have been targeted there as well. Earlier this month, Indiana based Anthem paid out a $2.7 million from a $39.5 million multi-state settlement due to a 2014 data breach in which dates of birth, social security numbers, and other personal information was compromised.

According to recent statistics from Techjury, hospitals account for around 30 percent of all large data breaches reported, with 34 percent of healthcare breaches occurring from unauthorized access, and at a cost of $6 trillion at the end of 2020. The company estimates a 75.6 percent chance of breaches impacting at least five million records occurring within the next year.

According to the Health and Humana Services breach portal, there have been 24 breaches already reported this month alone, compromising records of 290,893 patients. While only 7 reports were the result of an IT hacking incident, the patient record total accounts for over a third of the total impact. Since the first of the year, 245 reports for network hacks alone have been reported, with 25,905,370 patient records breached.

News brought to you by