Email Security Cases Announced by HealthPlex and Optima Dermatology

Healthplex Inc., one of the biggest dental insurance companies based in New York, has reported the compromise of an employee’s email account because of a phishing attack last November 24, 2021. Upon uncovering the data breach, Healthplex promptly protected the email account to avoid more unauthorized access and started an investigation to discover the nature and extent of the security breach.

Healthplex affirmed on April 5, 2021 that the compromised email account included the personal data and protected health information (PHI) of 89,955 people who had in the past availed of its dental plans. The compromised data was different from person to person and might have included first and last names combined with at least one of the following data types:

Email and physical address, telephone number, group number and name, plan affiliation, member ID number, date of birth, date of service, provider name, ADA codes and their explanation, invoiced/paid sums, prescription medication names, Social Security number, driver’s license number, banking details, credit card number, username and password for the member website.

Healthplex stated that notification letters had been mailed to affected persons on April 15, 2022, who were provided free identity theft protection services by means of Lifelock. It took action as well to strengthen the security of its email system to avert identical breaches down the road.

Nearly 60,000 Patients Impacted by Optima Dermatology Email Breach

Optima Dermatology Holdings has reported it suffered an email security breach that led to the compromise of the PHI of patients of The Dermatology Center of Indiana and Advanced Dermatology & Skin Cancer Center.

Optima Dermatology didn’t mention when it became aware of the email security breach, however, it mentioned on February 17, 2022 that after a comprehensive forensic investigation, it was confirmed that the breach only affected one email account, which an unauthorized person accessed between August 30, 2021 and September 2, 2021.

An assessment of the email account showed it comprised the PHI of 59,872 people, which include full names, dates of birth, medical procedure and/or illnesses data, medical record numbers, health insurance claims and/or application details, medical insurance policy and/or subscriber numbers. There was no proof discovered that reveal the exposure or breach of Social Security numbers, driver’s license numbers, or financial account/payment card data.

Optima Dermatology stated it issued notification letters to impacted persons on April 18, 2022, and more safety measures have been enforced to stop more attacks.