Horizon Actuarial Services, Clinic of North Texas, and Parkland Community Health Plan have just announced breaches of the protected health information (PHI) of patients and plan members.
Data Theft and Extortion Incident Reported by Horizon Actuarial Services
Horizon Actuarial Services (HAS) has lately reported a security incident and the stealing of the personal files of members of benefits plans to whom it gives technical and actuarial consulting services, such as the Major League Baseball Players Benefit Plan as well as the Local 295 IBT Employer Group Welfare Fund.
HAS explained that on November 12, 2021, it got an email from a cyber actor claiming the stealing of the personal data of plan members saved in its computer servers. HAS quickly took action to safeguard its servers to avert any more unauthorized access, and hired a computer forensics company to look into the likely security breach and find out the legitimacy of the email.
HAS established that two servers were viewed between November 10 and 11, 2021, and files comprising names, birth dates, Social Security numbers, and health plan data were compromised. HAS stated it bargained with the threat actors. The stolen information would be erased and won’t be published or misused in exchange for the ransom payment.
HAS reported it advised the affected plans concerning the breach. Notification letters were sent to impacted people on March 9, 2022. Free credit monitoring, fraud, and identity theft support services were given to affected persons.
A number of impacted plans decided to self-report the breach. Horizon Actuarial Services breach report claimed the breach affected 38,418 people. The Major League Baseball Players Benefit Plan reported the breach independently and claimed that 13,156 persons were impacted. The Local 295 IBT Employer Group Welfare Fund stated that 6,123 persons were affected.
HAS stated it is going over its security guidelines and has enforced supplemental procedures to safeguard against the same incidents later on.
Clinic of North Texas Encountered Cyberattack in November 2021
Clinic of North Texas located in Wichita Falls has lately declared it encountered a cyberattack on or approximately November 9, 2021, and hackers acquired access to patient records saved on its systems. A third-party computer forensics agency investigated the attack to find out the nature and extent of the incident, and whether or not patient information was taken during the attack.
The investigation showed the attackers obtained access to a folder on one system that comprised files having patient names, dates of birth, addresses, and limited health details. Clinic of North Texas mentioned it had taken a few steps in consideration of the breach, which include modifying all admin passwords, using two-factor authentication, and implementing endpoint detection, response, and threat hunting applications. Impacted people got free memberships to a credit monitoring service.
The breach is not yet published on the HHS’ Office for Civil Rights breach site therefore it is uncertain at this time how many persons were impacted.
Parkland Community Health Plan Reports Mailing Error
Parkland Community Health Plan (PCHP) based in Dallas, TX, has lately learned about a mismailing event that resulted in the sending of the ID cards of 1,682 members to other health plan members by mistake. The mailing error was identified on January 4, 2022, and the investigation confirmed that these types of data were impermissibly disclosed: Name, provider data, PCHP ID number, and plan/copay details.
PCHP stated the print vendor made the error and took steps to make sure the same breaches do not happen again. PCHP explained it doesn’t know of any misuse of plan member data and new ID cards were already mailed to the appropriate persons.